xmrig | d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
Size

1.6MB
MD5

79699ea799e01206d59d05db91720097
SHA1

e367b05ec59cf6894cdf3fcbeb0b7eab40635397
SHA256

d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5
SHA512

0f8a0c4b50054e8b2abf492bf714d35b94498964d6abd419d35bf547e299621246c535806dfd8ab47a3aed6fdad177cd63a2c9aa92d63f1ebd514f0f3354f44b
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIlr1aijy0/M:oemTLkNdfE0pZr6

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3992-0-0x00007FF67E780000-0x00007FF67EAD4000-memory.dmp	xmrig
behavioral2/files/0x000700000002325a-5.dat	xmrig
behavioral2/files/0x00070000000234d2-9.dat	xmrig
behavioral2/files/0x00070000000234d8-47.dat	xmrig
behavioral2/files/0x00070000000234d9-48.dat	xmrig
behavioral2/files/0x00070000000234d6-63.dat	xmrig
behavioral2/files/0x00070000000234e4-104.dat	xmrig
behavioral2/memory/2968-123-0x00007FF751640000-0x00007FF751994000-memory.dmp	xmrig
behavioral2/files/0x00070000000234e7-185.dat	xmrig
behavioral2/memory/956-210-0x00007FF746EE0000-0x00007FF747234000-memory.dmp	xmrig
behavioral2/memory/2672-229-0x00007FF64A1D0000-0x00007FF64A524000-memory.dmp	xmrig
behavioral2/memory/2224-242-0x00007FF7A0D50000-0x00007FF7A10A4000-memory.dmp	xmrig
behavioral2/memory/4528-251-0x00007FF7F1100000-0x00007FF7F1454000-memory.dmp	xmrig
behavioral2/memory/2060-250-0x00007FF7FF580000-0x00007FF7FF8D4000-memory.dmp	xmrig
behavioral2/memory/4584-249-0x00007FF6A41B0000-0x00007FF6A4504000-memory.dmp	xmrig
behavioral2/memory/1012-248-0x00007FF6BD3E0000-0x00007FF6BD734000-memory.dmp	xmrig
behavioral2/memory/2012-247-0x00007FF6E0610000-0x00007FF6E0964000-memory.dmp	xmrig
behavioral2/memory/1452-246-0x00007FF7C9EA0000-0x00007FF7CA1F4000-memory.dmp	xmrig
behavioral2/memory/888-245-0x00007FF72D980000-0x00007FF72DCD4000-memory.dmp	xmrig
behavioral2/memory/5080-244-0x00007FF614B90000-0x00007FF614EE4000-memory.dmp	xmrig
behavioral2/memory/1592-243-0x00007FF736BF0000-0x00007FF736F44000-memory.dmp	xmrig
behavioral2/memory/320-238-0x00007FF69FB60000-0x00007FF69FEB4000-memory.dmp	xmrig
behavioral2/memory/4016-237-0x00007FF7BB2A0000-0x00007FF7BB5F4000-memory.dmp	xmrig
behavioral2/memory/776-231-0x00007FF645E40000-0x00007FF646194000-memory.dmp	xmrig
behavioral2/memory/1192-230-0x00007FF7F4310000-0x00007FF7F4664000-memory.dmp	xmrig
behavioral2/memory/3784-216-0x00007FF642880000-0x00007FF642BD4000-memory.dmp	xmrig
behavioral2/memory/3228-191-0x00007FF7F73F0000-0x00007FF7F7744000-memory.dmp	xmrig
behavioral2/files/0x00070000000234f8-184.dat	xmrig
behavioral2/files/0x00070000000234de-182.dat	xmrig
behavioral2/files/0x00070000000234e5-180.dat	xmrig
behavioral2/files/0x00070000000234f7-179.dat	xmrig
behavioral2/files/0x00070000000234f6-178.dat	xmrig
behavioral2/files/0x00070000000234f5-177.dat	xmrig
behavioral2/memory/4332-176-0x00007FF61DD90000-0x00007FF61E0E4000-memory.dmp	xmrig
behavioral2/memory/1188-175-0x00007FF64D5C0000-0x00007FF64D914000-memory.dmp	xmrig
behavioral2/memory/4912-174-0x00007FF6C18E0000-0x00007FF6C1C34000-memory.dmp	xmrig
behavioral2/files/0x00070000000234f4-172.dat	xmrig
behavioral2/files/0x00070000000234f3-171.dat	xmrig
behavioral2/files/0x00070000000234f2-168.dat	xmrig
behavioral2/files/0x00070000000234f1-167.dat	xmrig
behavioral2/files/0x00070000000234f0-163.dat	xmrig
behavioral2/files/0x00070000000234e8-162.dat	xmrig
behavioral2/files/0x00070000000234ef-159.dat	xmrig
behavioral2/files/0x00070000000234ee-158.dat	xmrig
behavioral2/files/0x00070000000234ed-157.dat	xmrig
behavioral2/files/0x00070000000234ec-156.dat	xmrig
behavioral2/files/0x00070000000234eb-152.dat	xmrig
behavioral2/files/0x00070000000234e6-151.dat	xmrig
behavioral2/files/0x00070000000234ea-150.dat	xmrig
behavioral2/files/0x00070000000234e3-143.dat	xmrig
behavioral2/files/0x00070000000234e2-140.dat	xmrig
behavioral2/files/0x00070000000234e1-137.dat	xmrig
behavioral2/files/0x00070000000234e9-132.dat	xmrig
behavioral2/files/0x00070000000234e0-122.dat	xmrig
behavioral2/files/0x00070000000234dc-103.dat	xmrig
behavioral2/memory/1572-96-0x00007FF704CB0000-0x00007FF705004000-memory.dmp	xmrig
behavioral2/files/0x00070000000234db-94.dat	xmrig
behavioral2/files/0x00070000000234df-86.dat	xmrig
behavioral2/files/0x00070000000234dd-110.dat	xmrig
behavioral2/memory/3176-77-0x00007FF758520000-0x00007FF758874000-memory.dmp	xmrig
behavioral2/files/0x00070000000234da-76.dat	xmrig
behavioral2/memory/1796-73-0x00007FF6A5720000-0x00007FF6A5A74000-memory.dmp	xmrig
behavioral2/files/0x00070000000234d5-57.dat	xmrig
behavioral2/files/0x00070000000234d7-53.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
460	EIOnBFz.exe
2728	ulwyzXx.exe
3808	DCervDn.exe
888	sakDagn.exe
4052	VgcGmyB.exe
1452	VqDfmFA.exe
2012	NojkPjD.exe
1796	xXoyVaS.exe
3176	uleCteZ.exe
1012	nidMwUQ.exe
1572	DhAADmb.exe
2968	AgkfxoT.exe
4912	OMBiiif.exe
1188	RhwIjCD.exe
4584	FItrKYe.exe
4332	yTeVZAo.exe
3228	FVTtvIy.exe
956	EaaijNm.exe
3784	sMCXqaY.exe
2060	QFzNtcY.exe
2672	wtLVayy.exe
1192	SQpBkko.exe
776	yIomMyn.exe
4528	ljsPwRd.exe
4016	WGFGRXd.exe
320	AihOuYU.exe
2224	UKTnfXG.exe
1592	rMXKQjg.exe
5080	qJPYsAF.exe
1864	bLbANtb.exe
2760	mPeLkZA.exe
2664	LUyeySG.exe
1040	yszOzeV.exe
2408	pQORKek.exe
2864	ahfdUSp.exe
5084	KwjFmVb.exe
3300	jdbUfSp.exe
4892	dFepGgE.exe
3556	wAwEipj.exe
5040	htQUQAQ.exe
3080	BAObTuO.exe
4252	krtbWxm.exe
2448	PfXfBgX.exe
2468	aDjiuVS.exe
4144	nYhgZKo.exe
4592	DNmNkoa.exe
4704	Umifelm.exe
1396	ZDgkbpd.exe
3932	vupVUtT.exe
628	QoMLggR.exe
1636	Iycxmlo.exe
2008	xvyTOgh.exe
1940	lbugPIZ.exe
1252	ldYveiJ.exe
3864	fGcrXub.exe
2600	wfLldmS.exe
3356	QJThTDd.exe
2860	axCQoxU.exe
456	VhXQilT.exe
2152	DZmgKgH.exe
2960	RgXYsno.exe
3956	TfLAxZM.exe
2252	hYDEqCG.exe
1856	qoVIJDW.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3992-0-0x00007FF67E780000-0x00007FF67EAD4000-memory.dmp	upx
behavioral2/files/0x000700000002325a-5.dat	upx
behavioral2/files/0x00070000000234d2-9.dat	upx
behavioral2/files/0x00070000000234d8-47.dat	upx
behavioral2/files/0x00070000000234d9-48.dat	upx
behavioral2/files/0x00070000000234d6-63.dat	upx
behavioral2/files/0x00070000000234e4-104.dat	upx
behavioral2/memory/2968-123-0x00007FF751640000-0x00007FF751994000-memory.dmp	upx
behavioral2/files/0x00070000000234e7-185.dat	upx
behavioral2/memory/956-210-0x00007FF746EE0000-0x00007FF747234000-memory.dmp	upx
behavioral2/memory/2672-229-0x00007FF64A1D0000-0x00007FF64A524000-memory.dmp	upx
behavioral2/memory/2224-242-0x00007FF7A0D50000-0x00007FF7A10A4000-memory.dmp	upx
behavioral2/memory/4528-251-0x00007FF7F1100000-0x00007FF7F1454000-memory.dmp	upx
behavioral2/memory/2060-250-0x00007FF7FF580000-0x00007FF7FF8D4000-memory.dmp	upx
behavioral2/memory/4584-249-0x00007FF6A41B0000-0x00007FF6A4504000-memory.dmp	upx
behavioral2/memory/1012-248-0x00007FF6BD3E0000-0x00007FF6BD734000-memory.dmp	upx
behavioral2/memory/2012-247-0x00007FF6E0610000-0x00007FF6E0964000-memory.dmp	upx
behavioral2/memory/1452-246-0x00007FF7C9EA0000-0x00007FF7CA1F4000-memory.dmp	upx
behavioral2/memory/888-245-0x00007FF72D980000-0x00007FF72DCD4000-memory.dmp	upx
behavioral2/memory/5080-244-0x00007FF614B90000-0x00007FF614EE4000-memory.dmp	upx
behavioral2/memory/1592-243-0x00007FF736BF0000-0x00007FF736F44000-memory.dmp	upx
behavioral2/memory/320-238-0x00007FF69FB60000-0x00007FF69FEB4000-memory.dmp	upx
behavioral2/memory/4016-237-0x00007FF7BB2A0000-0x00007FF7BB5F4000-memory.dmp	upx
behavioral2/memory/776-231-0x00007FF645E40000-0x00007FF646194000-memory.dmp	upx
behavioral2/memory/1192-230-0x00007FF7F4310000-0x00007FF7F4664000-memory.dmp	upx
behavioral2/memory/3784-216-0x00007FF642880000-0x00007FF642BD4000-memory.dmp	upx
behavioral2/memory/3228-191-0x00007FF7F73F0000-0x00007FF7F7744000-memory.dmp	upx
behavioral2/files/0x00070000000234f8-184.dat	upx
behavioral2/files/0x00070000000234de-182.dat	upx
behavioral2/files/0x00070000000234e5-180.dat	upx
behavioral2/files/0x00070000000234f7-179.dat	upx
behavioral2/files/0x00070000000234f6-178.dat	upx
behavioral2/files/0x00070000000234f5-177.dat	upx
behavioral2/memory/4332-176-0x00007FF61DD90000-0x00007FF61E0E4000-memory.dmp	upx
behavioral2/memory/1188-175-0x00007FF64D5C0000-0x00007FF64D914000-memory.dmp	upx
behavioral2/memory/4912-174-0x00007FF6C18E0000-0x00007FF6C1C34000-memory.dmp	upx
behavioral2/files/0x00070000000234f4-172.dat	upx
behavioral2/files/0x00070000000234f3-171.dat	upx
behavioral2/files/0x00070000000234f2-168.dat	upx
behavioral2/files/0x00070000000234f1-167.dat	upx
behavioral2/files/0x00070000000234f0-163.dat	upx
behavioral2/files/0x00070000000234e8-162.dat	upx
behavioral2/files/0x00070000000234ef-159.dat	upx
behavioral2/files/0x00070000000234ee-158.dat	upx
behavioral2/files/0x00070000000234ed-157.dat	upx
behavioral2/files/0x00070000000234ec-156.dat	upx
behavioral2/files/0x00070000000234eb-152.dat	upx
behavioral2/files/0x00070000000234e6-151.dat	upx
behavioral2/files/0x00070000000234ea-150.dat	upx
behavioral2/files/0x00070000000234e3-143.dat	upx
behavioral2/files/0x00070000000234e2-140.dat	upx
behavioral2/files/0x00070000000234e1-137.dat	upx
behavioral2/files/0x00070000000234e9-132.dat	upx
behavioral2/files/0x00070000000234e0-122.dat	upx
behavioral2/files/0x00070000000234dc-103.dat	upx
behavioral2/memory/1572-96-0x00007FF704CB0000-0x00007FF705004000-memory.dmp	upx
behavioral2/files/0x00070000000234db-94.dat	upx
behavioral2/files/0x00070000000234df-86.dat	upx
behavioral2/files/0x00070000000234dd-110.dat	upx
behavioral2/memory/3176-77-0x00007FF758520000-0x00007FF758874000-memory.dmp	upx
behavioral2/files/0x00070000000234da-76.dat	upx
behavioral2/memory/1796-73-0x00007FF6A5720000-0x00007FF6A5A74000-memory.dmp	upx
behavioral2/files/0x00070000000234d5-57.dat	upx
behavioral2/files/0x00070000000234d7-53.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jdbUfSp.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\EmFUgbV.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\dBYgdFY.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\JPNXBRf.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\zjXSYMm.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\uWWlKro.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\NvlBOKD.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\BzFlGip.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\SIflKof.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\DZmgKgH.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\nPeoLAE.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\EGCUAsg.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\vECLmkq.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\hharKNe.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\BTvvIJJ.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\OtlIQOz.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\kVEPfng.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\epgycAl.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\OyOhUWy.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\kUZeBFj.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\mHcxoXr.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\ehEcpHV.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\isxZpHI.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\HocdaBe.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\FqcCUBQ.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\ltIsMLn.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\ndTRDlx.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\lfGrWYt.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\aDjiuVS.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\lbugPIZ.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\SkCAWpD.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\JANmqzM.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\klbAxuD.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\dRRjnhB.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\MmCiswL.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\HUVQfYo.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\aZBHkfd.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\qaepJNP.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\OMBiiif.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\cGFCDEu.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\Zfjpulk.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\BBbNANI.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\RxdMnTR.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\pRPhTmk.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\oqpZfdc.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\KrvvnPS.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\bRffwmP.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\MFwrNYJ.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\rzgNppC.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\XOPsvQB.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\sGEjZBO.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\FVTtvIy.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\yIomMyn.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\UKTnfXG.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\hZyoMDA.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\MXmpRHj.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\YxYsWoi.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\BhWlgzH.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\jGjxKkN.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\afeerzC.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\eCWttrP.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\YzoLsFe.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\htQUQAQ.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
File created	C:\Windows\System\RgXYsno.exe	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	13728	dwm.exe
Token: SeChangeNotifyPrivilege	13728	dwm.exe
Token: 33	13728	dwm.exe
Token: SeIncBasePriorityPrivilege	13728	dwm.exe
Token: SeShutdownPrivilege	13728	dwm.exe
Token: SeCreatePagefilePrivilege	13728	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 460	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	84
PID 3992 wrote to memory of 460	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	84
PID 3992 wrote to memory of 2728	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	85
PID 3992 wrote to memory of 2728	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	85
PID 3992 wrote to memory of 3808	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	88
PID 3992 wrote to memory of 3808	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	88
PID 3992 wrote to memory of 888	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	89
PID 3992 wrote to memory of 888	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	89
PID 3992 wrote to memory of 4052	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	90
PID 3992 wrote to memory of 4052	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	90
PID 3992 wrote to memory of 2012	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	91
PID 3992 wrote to memory of 2012	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	91
PID 3992 wrote to memory of 1452	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	92
PID 3992 wrote to memory of 1452	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	92
PID 3992 wrote to memory of 1012	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	93
PID 3992 wrote to memory of 1012	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	93
PID 3992 wrote to memory of 1796	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	94
PID 3992 wrote to memory of 1796	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	94
PID 3992 wrote to memory of 3176	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	95
PID 3992 wrote to memory of 3176	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	95
PID 3992 wrote to memory of 1572	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	96
PID 3992 wrote to memory of 1572	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	96
PID 3992 wrote to memory of 2968	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	97
PID 3992 wrote to memory of 2968	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	97
PID 3992 wrote to memory of 4912	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	98
PID 3992 wrote to memory of 4912	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	98
PID 3992 wrote to memory of 1188	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	99
PID 3992 wrote to memory of 1188	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	99
PID 3992 wrote to memory of 2060	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	100
PID 3992 wrote to memory of 2060	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	100
PID 3992 wrote to memory of 4584	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	101
PID 3992 wrote to memory of 4584	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	101
PID 3992 wrote to memory of 4332	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	102
PID 3992 wrote to memory of 4332	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	102
PID 3992 wrote to memory of 3228	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	103
PID 3992 wrote to memory of 3228	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	103
PID 3992 wrote to memory of 956	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	104
PID 3992 wrote to memory of 956	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	104
PID 3992 wrote to memory of 3784	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	105
PID 3992 wrote to memory of 3784	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	105
PID 3992 wrote to memory of 2672	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	106
PID 3992 wrote to memory of 2672	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	106
PID 3992 wrote to memory of 1192	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	107
PID 3992 wrote to memory of 1192	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	107
PID 3992 wrote to memory of 320	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	108
PID 3992 wrote to memory of 320	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	108
PID 3992 wrote to memory of 776	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	109
PID 3992 wrote to memory of 776	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	109
PID 3992 wrote to memory of 2664	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	110
PID 3992 wrote to memory of 2664	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	110
PID 3992 wrote to memory of 4528	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	111
PID 3992 wrote to memory of 4528	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	111
PID 3992 wrote to memory of 4016	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	112
PID 3992 wrote to memory of 4016	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	112
PID 3992 wrote to memory of 2224	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	113
PID 3992 wrote to memory of 2224	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	113
PID 3992 wrote to memory of 1592	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	114
PID 3992 wrote to memory of 1592	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	114
PID 3992 wrote to memory of 5080	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	115
PID 3992 wrote to memory of 5080	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	115
PID 3992 wrote to memory of 1864	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	116
PID 3992 wrote to memory of 1864	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	116
PID 3992 wrote to memory of 2760	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	117
PID 3992 wrote to memory of 2760	3992	d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe	117

C:\Users\Admin\AppData\Local\Temp\d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe
"C:\Users\Admin\AppData\Local\Temp\d8a351815165ae98f31756104e27b965762744e16cb817db9ca9f9cb8ad71cf5.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Windows\System\EIOnBFz.exe
  C:\Windows\System\EIOnBFz.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\ulwyzXx.exe
  C:\Windows\System\ulwyzXx.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\DCervDn.exe
  C:\Windows\System\DCervDn.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\sakDagn.exe
  C:\Windows\System\sakDagn.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\VgcGmyB.exe
  C:\Windows\System\VgcGmyB.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\NojkPjD.exe
  C:\Windows\System\NojkPjD.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\VqDfmFA.exe
  C:\Windows\System\VqDfmFA.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\nidMwUQ.exe
  C:\Windows\System\nidMwUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\xXoyVaS.exe
  C:\Windows\System\xXoyVaS.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\uleCteZ.exe
  C:\Windows\System\uleCteZ.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\DhAADmb.exe
  C:\Windows\System\DhAADmb.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\AgkfxoT.exe
  C:\Windows\System\AgkfxoT.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\OMBiiif.exe
  C:\Windows\System\OMBiiif.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\RhwIjCD.exe
  C:\Windows\System\RhwIjCD.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\QFzNtcY.exe
  C:\Windows\System\QFzNtcY.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\FItrKYe.exe
  C:\Windows\System\FItrKYe.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\yTeVZAo.exe
  C:\Windows\System\yTeVZAo.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\FVTtvIy.exe
  C:\Windows\System\FVTtvIy.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\EaaijNm.exe
  C:\Windows\System\EaaijNm.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\sMCXqaY.exe
  C:\Windows\System\sMCXqaY.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\wtLVayy.exe
  C:\Windows\System\wtLVayy.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\SQpBkko.exe
  C:\Windows\System\SQpBkko.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\AihOuYU.exe
  C:\Windows\System\AihOuYU.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\yIomMyn.exe
  C:\Windows\System\yIomMyn.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\LUyeySG.exe
  C:\Windows\System\LUyeySG.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ljsPwRd.exe
  C:\Windows\System\ljsPwRd.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\WGFGRXd.exe
  C:\Windows\System\WGFGRXd.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\UKTnfXG.exe
  C:\Windows\System\UKTnfXG.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\rMXKQjg.exe
  C:\Windows\System\rMXKQjg.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\qJPYsAF.exe
  C:\Windows\System\qJPYsAF.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\bLbANtb.exe
  C:\Windows\System\bLbANtb.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\mPeLkZA.exe
  C:\Windows\System\mPeLkZA.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\yszOzeV.exe
  C:\Windows\System\yszOzeV.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\pQORKek.exe
  C:\Windows\System\pQORKek.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\ahfdUSp.exe
  C:\Windows\System\ahfdUSp.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\KwjFmVb.exe
  C:\Windows\System\KwjFmVb.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\jdbUfSp.exe
  C:\Windows\System\jdbUfSp.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\dFepGgE.exe
  C:\Windows\System\dFepGgE.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\wAwEipj.exe
  C:\Windows\System\wAwEipj.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\htQUQAQ.exe
  C:\Windows\System\htQUQAQ.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\BAObTuO.exe
  C:\Windows\System\BAObTuO.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\krtbWxm.exe
  C:\Windows\System\krtbWxm.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\PfXfBgX.exe
  C:\Windows\System\PfXfBgX.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\aDjiuVS.exe
  C:\Windows\System\aDjiuVS.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\nYhgZKo.exe
  C:\Windows\System\nYhgZKo.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\DNmNkoa.exe
  C:\Windows\System\DNmNkoa.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\Umifelm.exe
  C:\Windows\System\Umifelm.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\ZDgkbpd.exe
  C:\Windows\System\ZDgkbpd.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\vupVUtT.exe
  C:\Windows\System\vupVUtT.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\QoMLggR.exe
  C:\Windows\System\QoMLggR.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\Iycxmlo.exe
  C:\Windows\System\Iycxmlo.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\xvyTOgh.exe
  C:\Windows\System\xvyTOgh.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\lbugPIZ.exe
  C:\Windows\System\lbugPIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\ldYveiJ.exe
  C:\Windows\System\ldYveiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\fGcrXub.exe
  C:\Windows\System\fGcrXub.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\wfLldmS.exe
  C:\Windows\System\wfLldmS.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\QJThTDd.exe
  C:\Windows\System\QJThTDd.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\axCQoxU.exe
  C:\Windows\System\axCQoxU.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\VhXQilT.exe
  C:\Windows\System\VhXQilT.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\DZmgKgH.exe
  C:\Windows\System\DZmgKgH.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\RgXYsno.exe
  C:\Windows\System\RgXYsno.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\TfLAxZM.exe
  C:\Windows\System\TfLAxZM.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\hYDEqCG.exe
  C:\Windows\System\hYDEqCG.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\qoVIJDW.exe
  C:\Windows\System\qoVIJDW.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\rYowPDZ.exe
  C:\Windows\System\rYowPDZ.exe
  2⤵
  PID:2732
- C:\Windows\System\uPkUJTf.exe
  C:\Windows\System\uPkUJTf.exe
  2⤵
  PID:1280
- C:\Windows\System\aFiUZSD.exe
  C:\Windows\System\aFiUZSD.exe
  2⤵
  PID:5008
- C:\Windows\System\KyojeLE.exe
  C:\Windows\System\KyojeLE.exe
  2⤵
  PID:1816
- C:\Windows\System\kRCxirE.exe
  C:\Windows\System\kRCxirE.exe
  2⤵
  PID:2292
- C:\Windows\System\MXmpRHj.exe
  C:\Windows\System\MXmpRHj.exe
  2⤵
  PID:1556
- C:\Windows\System\VVPZuUN.exe
  C:\Windows\System\VVPZuUN.exe
  2⤵
  PID:1464
- C:\Windows\System\dWfxJLC.exe
  C:\Windows\System\dWfxJLC.exe
  2⤵
  PID:1440
- C:\Windows\System\pyYBGIo.exe
  C:\Windows\System\pyYBGIo.exe
  2⤵
  PID:1400
- C:\Windows\System\orXNDiT.exe
  C:\Windows\System\orXNDiT.exe
  2⤵
  PID:1296
- C:\Windows\System\slbUdHC.exe
  C:\Windows\System\slbUdHC.exe
  2⤵
  PID:4692
- C:\Windows\System\eJtvDFR.exe
  C:\Windows\System\eJtvDFR.exe
  2⤵
  PID:1928
- C:\Windows\System\eNPbYLo.exe
  C:\Windows\System\eNPbYLo.exe
  2⤵
  PID:3452
- C:\Windows\System\IyoCTVz.exe
  C:\Windows\System\IyoCTVz.exe
  2⤵
  PID:1376
- C:\Windows\System\MNDgmmw.exe
  C:\Windows\System\MNDgmmw.exe
  2⤵
  PID:4028
- C:\Windows\System\TkVBIPt.exe
  C:\Windows\System\TkVBIPt.exe
  2⤵
  PID:1724
- C:\Windows\System\QsoKiUV.exe
  C:\Windows\System\QsoKiUV.exe
  2⤵
  PID:5136
- C:\Windows\System\qxVQxHh.exe
  C:\Windows\System\qxVQxHh.exe
  2⤵
  PID:5152
- C:\Windows\System\PRBKMYk.exe
  C:\Windows\System\PRBKMYk.exe
  2⤵
  PID:5168
- C:\Windows\System\jIrBFNl.exe
  C:\Windows\System\jIrBFNl.exe
  2⤵
  PID:5184
- C:\Windows\System\MPPZpgV.exe
  C:\Windows\System\MPPZpgV.exe
  2⤵
  PID:5200
- C:\Windows\System\ccQGkWa.exe
  C:\Windows\System\ccQGkWa.exe
  2⤵
  PID:5216
- C:\Windows\System\VoORNHA.exe
  C:\Windows\System\VoORNHA.exe
  2⤵
  PID:5232
- C:\Windows\System\anoEuTi.exe
  C:\Windows\System\anoEuTi.exe
  2⤵
  PID:5248
- C:\Windows\System\XdeDTrc.exe
  C:\Windows\System\XdeDTrc.exe
  2⤵
  PID:5264
- C:\Windows\System\PgkYrxx.exe
  C:\Windows\System\PgkYrxx.exe
  2⤵
  PID:5280
- C:\Windows\System\yRQLQvm.exe
  C:\Windows\System\yRQLQvm.exe
  2⤵
  PID:5304
- C:\Windows\System\bKoFHOy.exe
  C:\Windows\System\bKoFHOy.exe
  2⤵
  PID:5320
- C:\Windows\System\GDjUWWC.exe
  C:\Windows\System\GDjUWWC.exe
  2⤵
  PID:5804
- C:\Windows\System\ttgMHpY.exe
  C:\Windows\System\ttgMHpY.exe
  2⤵
  PID:5824
- C:\Windows\System\qhKLrwq.exe
  C:\Windows\System\qhKLrwq.exe
  2⤵
  PID:5848
- C:\Windows\System\xcURiVA.exe
  C:\Windows\System\xcURiVA.exe
  2⤵
  PID:5884
- C:\Windows\System\GcrGoey.exe
  C:\Windows\System\GcrGoey.exe
  2⤵
  PID:5920
- C:\Windows\System\HoknXeK.exe
  C:\Windows\System\HoknXeK.exe
  2⤵
  PID:5944
- C:\Windows\System\aBhWioo.exe
  C:\Windows\System\aBhWioo.exe
  2⤵
  PID:5976
- C:\Windows\System\oNfYzSD.exe
  C:\Windows\System\oNfYzSD.exe
  2⤵
  PID:6004
- C:\Windows\System\SBitzDC.exe
  C:\Windows\System\SBitzDC.exe
  2⤵
  PID:6032
- C:\Windows\System\dNKAqim.exe
  C:\Windows\System\dNKAqim.exe
  2⤵
  PID:6052
- C:\Windows\System\zFIjpEw.exe
  C:\Windows\System\zFIjpEw.exe
  2⤵
  PID:6076
- C:\Windows\System\wfoVAaC.exe
  C:\Windows\System\wfoVAaC.exe
  2⤵
  PID:6112
- C:\Windows\System\EmFUgbV.exe
  C:\Windows\System\EmFUgbV.exe
  2⤵
  PID:6140
- C:\Windows\System\KFiINax.exe
  C:\Windows\System\KFiINax.exe
  2⤵
  PID:4956
- C:\Windows\System\grgMwGD.exe
  C:\Windows\System\grgMwGD.exe
  2⤵
  PID:4964
- C:\Windows\System\ALjYIRw.exe
  C:\Windows\System\ALjYIRw.exe
  2⤵
  PID:2364
- C:\Windows\System\mfWaeJR.exe
  C:\Windows\System\mfWaeJR.exe
  2⤵
  PID:784
- C:\Windows\System\BtpRUHO.exe
  C:\Windows\System\BtpRUHO.exe
  2⤵
  PID:2032
- C:\Windows\System\kPsRgBF.exe
  C:\Windows\System\kPsRgBF.exe
  2⤵
  PID:5012
- C:\Windows\System\rrZwuoP.exe
  C:\Windows\System\rrZwuoP.exe
  2⤵
  PID:4456
- C:\Windows\System\tsgtvTS.exe
  C:\Windows\System\tsgtvTS.exe
  2⤵
  PID:4980
- C:\Windows\System\EuVXtGr.exe
  C:\Windows\System\EuVXtGr.exe
  2⤵
  PID:1916
- C:\Windows\System\YfqBnHq.exe
  C:\Windows\System\YfqBnHq.exe
  2⤵
  PID:5160
- C:\Windows\System\Bfhhfdt.exe
  C:\Windows\System\Bfhhfdt.exe
  2⤵
  PID:5212
- C:\Windows\System\dwamPSR.exe
  C:\Windows\System\dwamPSR.exe
  2⤵
  PID:5276
- C:\Windows\System\kSwzwCS.exe
  C:\Windows\System\kSwzwCS.exe
  2⤵
  PID:5336
- C:\Windows\System\yyJflFw.exe
  C:\Windows\System\yyJflFw.exe
  2⤵
  PID:5380
- C:\Windows\System\SHmXqqx.exe
  C:\Windows\System\SHmXqqx.exe
  2⤵
  PID:5476
- C:\Windows\System\EVfgvjo.exe
  C:\Windows\System\EVfgvjo.exe
  2⤵
  PID:4124
- C:\Windows\System\fSOQIVV.exe
  C:\Windows\System\fSOQIVV.exe
  2⤵
  PID:1008
- C:\Windows\System\BYvEvap.exe
  C:\Windows\System\BYvEvap.exe
  2⤵
  PID:1516
- C:\Windows\System\SvuMvPY.exe
  C:\Windows\System\SvuMvPY.exe
  2⤵
  PID:3564
- C:\Windows\System\CxyvqlG.exe
  C:\Windows\System\CxyvqlG.exe
  2⤵
  PID:3096
- C:\Windows\System\JeDecaT.exe
  C:\Windows\System\JeDecaT.exe
  2⤵
  PID:4336
- C:\Windows\System\hyQWiPP.exe
  C:\Windows\System\hyQWiPP.exe
  2⤵
  PID:4744
- C:\Windows\System\lsDlYsY.exe
  C:\Windows\System\lsDlYsY.exe
  2⤵
  PID:912
- C:\Windows\System\bFtDKxo.exe
  C:\Windows\System\bFtDKxo.exe
  2⤵
  PID:1740
- C:\Windows\System\hOJWAtg.exe
  C:\Windows\System\hOJWAtg.exe
  2⤵
  PID:3876
- C:\Windows\System\oDGZeTN.exe
  C:\Windows\System\oDGZeTN.exe
  2⤵
  PID:3788
- C:\Windows\System\qAOSNyT.exe
  C:\Windows\System\qAOSNyT.exe
  2⤵
  PID:2260
- C:\Windows\System\IZOcrNC.exe
  C:\Windows\System\IZOcrNC.exe
  2⤵
  PID:2476
- C:\Windows\System\IbxYfqD.exe
  C:\Windows\System\IbxYfqD.exe
  2⤵
  PID:928
- C:\Windows\System\vtOhhYn.exe
  C:\Windows\System\vtOhhYn.exe
  2⤵
  PID:5776
- C:\Windows\System\brJzkUw.exe
  C:\Windows\System\brJzkUw.exe
  2⤵
  PID:5904
- C:\Windows\System\DfnoshA.exe
  C:\Windows\System\DfnoshA.exe
  2⤵
  PID:5928
- C:\Windows\System\rBklbMY.exe
  C:\Windows\System\rBklbMY.exe
  2⤵
  PID:5984
- C:\Windows\System\dBYgdFY.exe
  C:\Windows\System\dBYgdFY.exe
  2⤵
  PID:6060
- C:\Windows\System\LscfkVf.exe
  C:\Windows\System\LscfkVf.exe
  2⤵
  PID:1524
- C:\Windows\System\fNCEgtF.exe
  C:\Windows\System\fNCEgtF.exe
  2⤵
  PID:752
- C:\Windows\System\ZtyoCnz.exe
  C:\Windows\System\ZtyoCnz.exe
  2⤵
  PID:1316
- C:\Windows\System\JfqxCLd.exe
  C:\Windows\System\JfqxCLd.exe
  2⤵
  PID:960
- C:\Windows\System\pIuLJDg.exe
  C:\Windows\System\pIuLJDg.exe
  2⤵
  PID:5148
- C:\Windows\System\cGFCDEu.exe
  C:\Windows\System\cGFCDEu.exe
  2⤵
  PID:5244
- C:\Windows\System\YxYsWoi.exe
  C:\Windows\System\YxYsWoi.exe
  2⤵
  PID:5396
- C:\Windows\System\FUSbLFp.exe
  C:\Windows\System\FUSbLFp.exe
  2⤵
  PID:2232
- C:\Windows\System\opLvAUQ.exe
  C:\Windows\System\opLvAUQ.exe
  2⤵
  PID:4948
- C:\Windows\System\kcgluzT.exe
  C:\Windows\System\kcgluzT.exe
  2⤵
  PID:4792
- C:\Windows\System\USKKEoN.exe
  C:\Windows\System\USKKEoN.exe
  2⤵
  PID:3540
- C:\Windows\System\bSXLMBJ.exe
  C:\Windows\System\bSXLMBJ.exe
  2⤵
  PID:3616
- C:\Windows\System\iJNLJCI.exe
  C:\Windows\System\iJNLJCI.exe
  2⤵
  PID:2068
- C:\Windows\System\ekyHobs.exe
  C:\Windows\System\ekyHobs.exe
  2⤵
  PID:5768
- C:\Windows\System\AJVuAmY.exe
  C:\Windows\System\AJVuAmY.exe
  2⤵
  PID:5960
- C:\Windows\System\iIMmaQO.exe
  C:\Windows\System\iIMmaQO.exe
  2⤵
  PID:6020
- C:\Windows\System\gfUiIio.exe
  C:\Windows\System\gfUiIio.exe
  2⤵
  PID:3328
- C:\Windows\System\kVEPfng.exe
  C:\Windows\System\kVEPfng.exe
  2⤵
  PID:936
- C:\Windows\System\KKXLRLH.exe
  C:\Windows\System\KKXLRLH.exe
  2⤵
  PID:5312
- C:\Windows\System\PsxBaDV.exe
  C:\Windows\System\PsxBaDV.exe
  2⤵
  PID:1404
- C:\Windows\System\cJawKnW.exe
  C:\Windows\System\cJawKnW.exe
  2⤵
  PID:2416
- C:\Windows\System\LytYdZU.exe
  C:\Windows\System\LytYdZU.exe
  2⤵
  PID:5968
- C:\Windows\System\JcHqtbS.exe
  C:\Windows\System\JcHqtbS.exe
  2⤵
  PID:4916
- C:\Windows\System\XWQwFEW.exe
  C:\Windows\System\XWQwFEW.exe
  2⤵
  PID:4112
- C:\Windows\System\FDnKJXM.exe
  C:\Windows\System\FDnKJXM.exe
  2⤵
  PID:404
- C:\Windows\System\GRWfaOB.exe
  C:\Windows\System\GRWfaOB.exe
  2⤵
  PID:6164
- C:\Windows\System\mmWHSzC.exe
  C:\Windows\System\mmWHSzC.exe
  2⤵
  PID:6192
- C:\Windows\System\lVHttIL.exe
  C:\Windows\System\lVHttIL.exe
  2⤵
  PID:6216
- C:\Windows\System\gpaDGxH.exe
  C:\Windows\System\gpaDGxH.exe
  2⤵
  PID:6248
- C:\Windows\System\BNkIWBO.exe
  C:\Windows\System\BNkIWBO.exe
  2⤵
  PID:6280
- C:\Windows\System\tjFORFg.exe
  C:\Windows\System\tjFORFg.exe
  2⤵
  PID:6300
- C:\Windows\System\JPNXBRf.exe
  C:\Windows\System\JPNXBRf.exe
  2⤵
  PID:6320
- C:\Windows\System\ItyARBj.exe
  C:\Windows\System\ItyARBj.exe
  2⤵
  PID:6344
- C:\Windows\System\NpbrNbp.exe
  C:\Windows\System\NpbrNbp.exe
  2⤵
  PID:6372
- C:\Windows\System\VTMzTFf.exe
  C:\Windows\System\VTMzTFf.exe
  2⤵
  PID:6396
- C:\Windows\System\LyISzkY.exe
  C:\Windows\System\LyISzkY.exe
  2⤵
  PID:6424
- C:\Windows\System\taeUcdP.exe
  C:\Windows\System\taeUcdP.exe
  2⤵
  PID:6460
- C:\Windows\System\KPXYeAu.exe
  C:\Windows\System\KPXYeAu.exe
  2⤵
  PID:6488
- C:\Windows\System\kEjvodQ.exe
  C:\Windows\System\kEjvodQ.exe
  2⤵
  PID:6520
- C:\Windows\System\FztCBLT.exe
  C:\Windows\System\FztCBLT.exe
  2⤵
  PID:6544
- C:\Windows\System\QRCOhGq.exe
  C:\Windows\System\QRCOhGq.exe
  2⤵
  PID:6572
- C:\Windows\System\ehEcpHV.exe
  C:\Windows\System\ehEcpHV.exe
  2⤵
  PID:6612
- C:\Windows\System\ZgEvelD.exe
  C:\Windows\System\ZgEvelD.exe
  2⤵
  PID:6640
- C:\Windows\System\UgsjYfu.exe
  C:\Windows\System\UgsjYfu.exe
  2⤵
  PID:6660
- C:\Windows\System\PPxSQwr.exe
  C:\Windows\System\PPxSQwr.exe
  2⤵
  PID:6692
- C:\Windows\System\VzmpYLs.exe
  C:\Windows\System\VzmpYLs.exe
  2⤵
  PID:6720
- C:\Windows\System\xvYcnwJ.exe
  C:\Windows\System\xvYcnwJ.exe
  2⤵
  PID:6752
- C:\Windows\System\ZDrBOQX.exe
  C:\Windows\System\ZDrBOQX.exe
  2⤵
  PID:6780
- C:\Windows\System\WHCigaD.exe
  C:\Windows\System\WHCigaD.exe
  2⤵
  PID:6812
- C:\Windows\System\mRSmhNA.exe
  C:\Windows\System\mRSmhNA.exe
  2⤵
  PID:6840
- C:\Windows\System\tqaenrc.exe
  C:\Windows\System\tqaenrc.exe
  2⤵
  PID:6860
- C:\Windows\System\fLFUvYY.exe
  C:\Windows\System\fLFUvYY.exe
  2⤵
  PID:6880
- C:\Windows\System\gNNaNaQ.exe
  C:\Windows\System\gNNaNaQ.exe
  2⤵
  PID:6912
- C:\Windows\System\isxZpHI.exe
  C:\Windows\System\isxZpHI.exe
  2⤵
  PID:6944
- C:\Windows\System\Zfjpulk.exe
  C:\Windows\System\Zfjpulk.exe
  2⤵
  PID:6976
- C:\Windows\System\rWAHMxb.exe
  C:\Windows\System\rWAHMxb.exe
  2⤵
  PID:7012
- C:\Windows\System\kzLXhpy.exe
  C:\Windows\System\kzLXhpy.exe
  2⤵
  PID:7040
- C:\Windows\System\PdPJLQc.exe
  C:\Windows\System\PdPJLQc.exe
  2⤵
  PID:7068
- C:\Windows\System\aRSSlBx.exe
  C:\Windows\System\aRSSlBx.exe
  2⤵
  PID:7092
- C:\Windows\System\frRUVTv.exe
  C:\Windows\System\frRUVTv.exe
  2⤵
  PID:7120
- C:\Windows\System\FTVtZyo.exe
  C:\Windows\System\FTVtZyo.exe
  2⤵
  PID:7144
- C:\Windows\System\jxpZaue.exe
  C:\Windows\System\jxpZaue.exe
  2⤵
  PID:6068
- C:\Windows\System\NTjBtMY.exe
  C:\Windows\System\NTjBtMY.exe
  2⤵
  PID:6184
- C:\Windows\System\FFuhzRl.exe
  C:\Windows\System\FFuhzRl.exe
  2⤵
  PID:6232
- C:\Windows\System\SkCAWpD.exe
  C:\Windows\System\SkCAWpD.exe
  2⤵
  PID:6296
- C:\Windows\System\MhuWCtV.exe
  C:\Windows\System\MhuWCtV.exe
  2⤵
  PID:6408
- C:\Windows\System\QBgomxp.exe
  C:\Windows\System\QBgomxp.exe
  2⤵
  PID:6436
- C:\Windows\System\FjcpzDH.exe
  C:\Windows\System\FjcpzDH.exe
  2⤵
  PID:6472
- C:\Windows\System\nXdWjhK.exe
  C:\Windows\System\nXdWjhK.exe
  2⤵
  PID:6512
- C:\Windows\System\OapEoLU.exe
  C:\Windows\System\OapEoLU.exe
  2⤵
  PID:6632
- C:\Windows\System\OtlIQOz.exe
  C:\Windows\System\OtlIQOz.exe
  2⤵
  PID:6672
- C:\Windows\System\QGoAUUq.exe
  C:\Windows\System\QGoAUUq.exe
  2⤵
  PID:6788
- C:\Windows\System\kkunwan.exe
  C:\Windows\System\kkunwan.exe
  2⤵
  PID:6852
- C:\Windows\System\FBeBZoE.exe
  C:\Windows\System\FBeBZoE.exe
  2⤵
  PID:6892
- C:\Windows\System\ypvJIRh.exe
  C:\Windows\System\ypvJIRh.exe
  2⤵
  PID:7028
- C:\Windows\System\QXWPank.exe
  C:\Windows\System\QXWPank.exe
  2⤵
  PID:7056
- C:\Windows\System\SfHurfh.exe
  C:\Windows\System\SfHurfh.exe
  2⤵
  PID:7104
- C:\Windows\System\SJYGYzQ.exe
  C:\Windows\System\SJYGYzQ.exe
  2⤵
  PID:7132
- C:\Windows\System\apvpIpy.exe
  C:\Windows\System\apvpIpy.exe
  2⤵
  PID:7160
- C:\Windows\System\iTNhmzF.exe
  C:\Windows\System\iTNhmzF.exe
  2⤵
  PID:6268
- C:\Windows\System\cdnSdoH.exe
  C:\Windows\System\cdnSdoH.exe
  2⤵
  PID:6416
- C:\Windows\System\HbvSdul.exe
  C:\Windows\System\HbvSdul.exe
  2⤵
  PID:6708
- C:\Windows\System\mVGUoHE.exe
  C:\Windows\System\mVGUoHE.exe
  2⤵
  PID:6776
- C:\Windows\System\KJzmMqd.exe
  C:\Windows\System\KJzmMqd.exe
  2⤵
  PID:6964
- C:\Windows\System\PBpjwaU.exe
  C:\Windows\System\PBpjwaU.exe
  2⤵
  PID:5180
- C:\Windows\System\ruzBaRy.exe
  C:\Windows\System\ruzBaRy.exe
  2⤵
  PID:6208
- C:\Windows\System\HocdaBe.exe
  C:\Windows\System\HocdaBe.exe
  2⤵
  PID:6500
- C:\Windows\System\ouUKzZX.exe
  C:\Windows\System\ouUKzZX.exe
  2⤵
  PID:7052
- C:\Windows\System\IHSXywO.exe
  C:\Windows\System\IHSXywO.exe
  2⤵
  PID:6388
- C:\Windows\System\ttUWKLM.exe
  C:\Windows\System\ttUWKLM.exe
  2⤵
  PID:7192
- C:\Windows\System\WhNwOgy.exe
  C:\Windows\System\WhNwOgy.exe
  2⤵
  PID:7220
- C:\Windows\System\kZpJxOX.exe
  C:\Windows\System\kZpJxOX.exe
  2⤵
  PID:7256
- C:\Windows\System\kHoVebD.exe
  C:\Windows\System\kHoVebD.exe
  2⤵
  PID:7280
- C:\Windows\System\EydOMqg.exe
  C:\Windows\System\EydOMqg.exe
  2⤵
  PID:7308
- C:\Windows\System\wAYNUaK.exe
  C:\Windows\System\wAYNUaK.exe
  2⤵
  PID:7328
- C:\Windows\System\KuISINa.exe
  C:\Windows\System\KuISINa.exe
  2⤵
  PID:7356
- C:\Windows\System\mscbbpL.exe
  C:\Windows\System\mscbbpL.exe
  2⤵
  PID:7388
- C:\Windows\System\cHeGKyJ.exe
  C:\Windows\System\cHeGKyJ.exe
  2⤵
  PID:7416
- C:\Windows\System\zONdvnV.exe
  C:\Windows\System\zONdvnV.exe
  2⤵
  PID:7440
- C:\Windows\System\USkhlyp.exe
  C:\Windows\System\USkhlyp.exe
  2⤵
  PID:7468
- C:\Windows\System\DVxCXID.exe
  C:\Windows\System\DVxCXID.exe
  2⤵
  PID:7496
- C:\Windows\System\uUceFtT.exe
  C:\Windows\System\uUceFtT.exe
  2⤵
  PID:7512
- C:\Windows\System\YdanGOU.exe
  C:\Windows\System\YdanGOU.exe
  2⤵
  PID:7540
- C:\Windows\System\SDFkpVC.exe
  C:\Windows\System\SDFkpVC.exe
  2⤵
  PID:7580
- C:\Windows\System\tZLZaiI.exe
  C:\Windows\System\tZLZaiI.exe
  2⤵
  PID:7600
- C:\Windows\System\eGevZQQ.exe
  C:\Windows\System\eGevZQQ.exe
  2⤵
  PID:7640
- C:\Windows\System\kNmQpYW.exe
  C:\Windows\System\kNmQpYW.exe
  2⤵
  PID:7660
- C:\Windows\System\ELDpLpN.exe
  C:\Windows\System\ELDpLpN.exe
  2⤵
  PID:7684
- C:\Windows\System\VLKulcr.exe
  C:\Windows\System\VLKulcr.exe
  2⤵
  PID:7716
- C:\Windows\System\taIRVfR.exe
  C:\Windows\System\taIRVfR.exe
  2⤵
  PID:7748
- C:\Windows\System\fHLZfgJ.exe
  C:\Windows\System\fHLZfgJ.exe
  2⤵
  PID:7776
- C:\Windows\System\FlRCaor.exe
  C:\Windows\System\FlRCaor.exe
  2⤵
  PID:7804
- C:\Windows\System\hplrxJK.exe
  C:\Windows\System\hplrxJK.exe
  2⤵
  PID:7832
- C:\Windows\System\zhTNnyg.exe
  C:\Windows\System\zhTNnyg.exe
  2⤵
  PID:7852
- C:\Windows\System\YUgNeYl.exe
  C:\Windows\System\YUgNeYl.exe
  2⤵
  PID:7872
- C:\Windows\System\PUkzPEv.exe
  C:\Windows\System\PUkzPEv.exe
  2⤵
  PID:7904
- C:\Windows\System\vQprsSP.exe
  C:\Windows\System\vQprsSP.exe
  2⤵
  PID:7940
- C:\Windows\System\PAERAEq.exe
  C:\Windows\System\PAERAEq.exe
  2⤵
  PID:7968
- C:\Windows\System\dxWdGnn.exe
  C:\Windows\System\dxWdGnn.exe
  2⤵
  PID:7988
- C:\Windows\System\SsaihBj.exe
  C:\Windows\System\SsaihBj.exe
  2⤵
  PID:8016
- C:\Windows\System\UUwvdzH.exe
  C:\Windows\System\UUwvdzH.exe
  2⤵
  PID:8052
- C:\Windows\System\PtpylWU.exe
  C:\Windows\System\PtpylWU.exe
  2⤵
  PID:8080
- C:\Windows\System\PtaijYw.exe
  C:\Windows\System\PtaijYw.exe
  2⤵
  PID:8108
- C:\Windows\System\CnjZNyj.exe
  C:\Windows\System\CnjZNyj.exe
  2⤵
  PID:8140
- C:\Windows\System\zSqDomM.exe
  C:\Windows\System\zSqDomM.exe
  2⤵
  PID:8172
- C:\Windows\System\hZyoMDA.exe
  C:\Windows\System\hZyoMDA.exe
  2⤵
  PID:6596
- C:\Windows\System\AscitCg.exe
  C:\Windows\System\AscitCg.exe
  2⤵
  PID:7212
- C:\Windows\System\fcxawyd.exe
  C:\Windows\System\fcxawyd.exe
  2⤵
  PID:7264
- C:\Windows\System\waUBAFk.exe
  C:\Windows\System\waUBAFk.exe
  2⤵
  PID:7316
- C:\Windows\System\dZHJKLA.exe
  C:\Windows\System\dZHJKLA.exe
  2⤵
  PID:7372
- C:\Windows\System\JANmqzM.exe
  C:\Windows\System\JANmqzM.exe
  2⤵
  PID:7484
- C:\Windows\System\PcdMTce.exe
  C:\Windows\System\PcdMTce.exe
  2⤵
  PID:7564
- C:\Windows\System\FqcCUBQ.exe
  C:\Windows\System\FqcCUBQ.exe
  2⤵
  PID:7596
- C:\Windows\System\CsEqxSI.exe
  C:\Windows\System\CsEqxSI.exe
  2⤵
  PID:7632
- C:\Windows\System\odaFdSD.exe
  C:\Windows\System\odaFdSD.exe
  2⤵
  PID:7708
- C:\Windows\System\vonSIIB.exe
  C:\Windows\System\vonSIIB.exe
  2⤵
  PID:7760
- C:\Windows\System\uogZopM.exe
  C:\Windows\System\uogZopM.exe
  2⤵
  PID:7792
- C:\Windows\System\udFWyHM.exe
  C:\Windows\System\udFWyHM.exe
  2⤵
  PID:7868
- C:\Windows\System\eGDSwee.exe
  C:\Windows\System\eGDSwee.exe
  2⤵
  PID:7896
- C:\Windows\System\flsvRhQ.exe
  C:\Windows\System\flsvRhQ.exe
  2⤵
  PID:8004
- C:\Windows\System\mwOySed.exe
  C:\Windows\System\mwOySed.exe
  2⤵
  PID:8060
- C:\Windows\System\ZLSHdTm.exe
  C:\Windows\System\ZLSHdTm.exe
  2⤵
  PID:8132
- C:\Windows\System\klbAxuD.exe
  C:\Windows\System\klbAxuD.exe
  2⤵
  PID:7188
- C:\Windows\System\upzogsj.exe
  C:\Windows\System\upzogsj.exe
  2⤵
  PID:7320
- C:\Windows\System\KSWkKrI.exe
  C:\Windows\System\KSWkKrI.exe
  2⤵
  PID:7560
- C:\Windows\System\ylGOyGZ.exe
  C:\Windows\System\ylGOyGZ.exe
  2⤵
  PID:7704
- C:\Windows\System\oWAMHkS.exe
  C:\Windows\System\oWAMHkS.exe
  2⤵
  PID:7788
- C:\Windows\System\HgsBfsz.exe
  C:\Windows\System\HgsBfsz.exe
  2⤵
  PID:8072
- C:\Windows\System\bUSqQfJ.exe
  C:\Windows\System\bUSqQfJ.exe
  2⤵
  PID:8160
- C:\Windows\System\tzgRcPu.exe
  C:\Windows\System\tzgRcPu.exe
  2⤵
  PID:7352
- C:\Windows\System\VrSNiuo.exe
  C:\Windows\System\VrSNiuo.exe
  2⤵
  PID:7672
- C:\Windows\System\FWuFXPr.exe
  C:\Windows\System\FWuFXPr.exe
  2⤵
  PID:7964
- C:\Windows\System\epgycAl.exe
  C:\Windows\System\epgycAl.exe
  2⤵
  PID:7424
- C:\Windows\System\VgaFtde.exe
  C:\Windows\System\VgaFtde.exe
  2⤵
  PID:8212
- C:\Windows\System\XJWEKdX.exe
  C:\Windows\System\XJWEKdX.exe
  2⤵
  PID:8244
- C:\Windows\System\pUSEppc.exe
  C:\Windows\System\pUSEppc.exe
  2⤵
  PID:8272
- C:\Windows\System\IEjocJm.exe
  C:\Windows\System\IEjocJm.exe
  2⤵
  PID:8288
- C:\Windows\System\uhmbmmu.exe
  C:\Windows\System\uhmbmmu.exe
  2⤵
  PID:8324
- C:\Windows\System\mpRZNIL.exe
  C:\Windows\System\mpRZNIL.exe
  2⤵
  PID:8344
- C:\Windows\System\vxHiyrk.exe
  C:\Windows\System\vxHiyrk.exe
  2⤵
  PID:8372
- C:\Windows\System\HkWRBQh.exe
  C:\Windows\System\HkWRBQh.exe
  2⤵
  PID:8400
- C:\Windows\System\DYipGWU.exe
  C:\Windows\System\DYipGWU.exe
  2⤵
  PID:8432
- C:\Windows\System\nPeoLAE.exe
  C:\Windows\System\nPeoLAE.exe
  2⤵
  PID:8464
- C:\Windows\System\SQHnIYz.exe
  C:\Windows\System\SQHnIYz.exe
  2⤵
  PID:8484
- C:\Windows\System\BkJcpkp.exe
  C:\Windows\System\BkJcpkp.exe
  2⤵
  PID:8528
- C:\Windows\System\zTFTEqZ.exe
  C:\Windows\System\zTFTEqZ.exe
  2⤵
  PID:8564
- C:\Windows\System\ADKdphE.exe
  C:\Windows\System\ADKdphE.exe
  2⤵
  PID:8580
- C:\Windows\System\zjXSYMm.exe
  C:\Windows\System\zjXSYMm.exe
  2⤵
  PID:8612
- C:\Windows\System\LafzQqo.exe
  C:\Windows\System\LafzQqo.exe
  2⤵
  PID:8636
- C:\Windows\System\PWGegEN.exe
  C:\Windows\System\PWGegEN.exe
  2⤵
  PID:8652
- C:\Windows\System\JbYdPXa.exe
  C:\Windows\System\JbYdPXa.exe
  2⤵
  PID:8668
- C:\Windows\System\yQlZCCR.exe
  C:\Windows\System\yQlZCCR.exe
  2⤵
  PID:8688
- C:\Windows\System\rqsmXxn.exe
  C:\Windows\System\rqsmXxn.exe
  2⤵
  PID:8704
- C:\Windows\System\HTyjSPX.exe
  C:\Windows\System\HTyjSPX.exe
  2⤵
  PID:8720
- C:\Windows\System\ZHLPSFw.exe
  C:\Windows\System\ZHLPSFw.exe
  2⤵
  PID:8736
- C:\Windows\System\xbkMJWT.exe
  C:\Windows\System\xbkMJWT.exe
  2⤵
  PID:8752
- C:\Windows\System\SIfWyPX.exe
  C:\Windows\System\SIfWyPX.exe
  2⤵
  PID:8780
- C:\Windows\System\QAVlrFv.exe
  C:\Windows\System\QAVlrFv.exe
  2⤵
  PID:8796
- C:\Windows\System\lTRmdMM.exe
  C:\Windows\System\lTRmdMM.exe
  2⤵
  PID:8820
- C:\Windows\System\KXfWIdf.exe
  C:\Windows\System\KXfWIdf.exe
  2⤵
  PID:8856
- C:\Windows\System\WYflugG.exe
  C:\Windows\System\WYflugG.exe
  2⤵
  PID:8884
- C:\Windows\System\lOTtwwk.exe
  C:\Windows\System\lOTtwwk.exe
  2⤵
  PID:8912
- C:\Windows\System\pGjyIGO.exe
  C:\Windows\System\pGjyIGO.exe
  2⤵
  PID:8940
- C:\Windows\System\BhWlgzH.exe
  C:\Windows\System\BhWlgzH.exe
  2⤵
  PID:8968
- C:\Windows\System\WTblwNE.exe
  C:\Windows\System\WTblwNE.exe
  2⤵
  PID:9000
- C:\Windows\System\TwkvwNE.exe
  C:\Windows\System\TwkvwNE.exe
  2⤵
  PID:9024
- C:\Windows\System\uWWlKro.exe
  C:\Windows\System\uWWlKro.exe
  2⤵
  PID:9068
- C:\Windows\System\aYjNRIN.exe
  C:\Windows\System\aYjNRIN.exe
  2⤵
  PID:9100
- C:\Windows\System\JFAvWUq.exe
  C:\Windows\System\JFAvWUq.exe
  2⤵
  PID:9132
- C:\Windows\System\lOGuqbj.exe
  C:\Windows\System\lOGuqbj.exe
  2⤵
  PID:9164
- C:\Windows\System\DlRwXVK.exe
  C:\Windows\System\DlRwXVK.exe
  2⤵
  PID:9196
- C:\Windows\System\cvZAudB.exe
  C:\Windows\System\cvZAudB.exe
  2⤵
  PID:8196
- C:\Windows\System\DOdoykK.exe
  C:\Windows\System\DOdoykK.exe
  2⤵
  PID:8228
- C:\Windows\System\uZGtsvH.exe
  C:\Windows\System\uZGtsvH.exe
  2⤵
  PID:8280
- C:\Windows\System\IzdzukE.exe
  C:\Windows\System\IzdzukE.exe
  2⤵
  PID:8388
- C:\Windows\System\XOqpIMX.exe
  C:\Windows\System\XOqpIMX.exe
  2⤵
  PID:8416
- C:\Windows\System\EgEqPac.exe
  C:\Windows\System\EgEqPac.exe
  2⤵
  PID:8504
- C:\Windows\System\IouNqNt.exe
  C:\Windows\System\IouNqNt.exe
  2⤵
  PID:8576
- C:\Windows\System\yzhTDne.exe
  C:\Windows\System\yzhTDne.exe
  2⤵
  PID:8696
- C:\Windows\System\mZrwZSk.exe
  C:\Windows\System\mZrwZSk.exe
  2⤵
  PID:8664
- C:\Windows\System\Waqewfy.exe
  C:\Windows\System\Waqewfy.exe
  2⤵
  PID:8748
- C:\Windows\System\GRVoOLo.exe
  C:\Windows\System\GRVoOLo.exe
  2⤵
  PID:8792
- C:\Windows\System\oFmRpaR.exe
  C:\Windows\System\oFmRpaR.exe
  2⤵
  PID:8844
- C:\Windows\System\osiMQic.exe
  C:\Windows\System\osiMQic.exe
  2⤵
  PID:8904
- C:\Windows\System\GFmOIKB.exe
  C:\Windows\System\GFmOIKB.exe
  2⤵
  PID:8956
- C:\Windows\System\ezjrCiM.exe
  C:\Windows\System\ezjrCiM.exe
  2⤵
  PID:9076
- C:\Windows\System\yFfQtFT.exe
  C:\Windows\System\yFfQtFT.exe
  2⤵
  PID:9124
- C:\Windows\System\WKXIYKA.exe
  C:\Windows\System\WKXIYKA.exe
  2⤵
  PID:8232
- C:\Windows\System\FsvNzZN.exe
  C:\Windows\System\FsvNzZN.exe
  2⤵
  PID:8460
- C:\Windows\System\FGrPdgs.exe
  C:\Windows\System\FGrPdgs.exe
  2⤵
  PID:8676
- C:\Windows\System\zIRniga.exe
  C:\Windows\System\zIRniga.exe
  2⤵
  PID:8520
- C:\Windows\System\zQUTiOp.exe
  C:\Windows\System\zQUTiOp.exe
  2⤵
  PID:8728
- C:\Windows\System\qDAHqxd.exe
  C:\Windows\System\qDAHqxd.exe
  2⤵
  PID:9148
- C:\Windows\System\lqYUJCz.exe
  C:\Windows\System\lqYUJCz.exe
  2⤵
  PID:9120
- C:\Windows\System\HuxOvDy.exe
  C:\Windows\System\HuxOvDy.exe
  2⤵
  PID:8624
- C:\Windows\System\SFAZpYT.exe
  C:\Windows\System\SFAZpYT.exe
  2⤵
  PID:8952
- C:\Windows\System\VlRcGAR.exe
  C:\Windows\System\VlRcGAR.exe
  2⤵
  PID:7616
- C:\Windows\System\RvJNGRM.exe
  C:\Windows\System\RvJNGRM.exe
  2⤵
  PID:9228
- C:\Windows\System\fYUSGJG.exe
  C:\Windows\System\fYUSGJG.exe
  2⤵
  PID:9256
- C:\Windows\System\VUSxFjC.exe
  C:\Windows\System\VUSxFjC.exe
  2⤵
  PID:9284
- C:\Windows\System\kFUQpuI.exe
  C:\Windows\System\kFUQpuI.exe
  2⤵
  PID:9304
- C:\Windows\System\ZddGESG.exe
  C:\Windows\System\ZddGESG.exe
  2⤵
  PID:9332
- C:\Windows\System\RSfBVsD.exe
  C:\Windows\System\RSfBVsD.exe
  2⤵
  PID:9356
- C:\Windows\System\BwoKBnx.exe
  C:\Windows\System\BwoKBnx.exe
  2⤵
  PID:9376
- C:\Windows\System\xDeefbT.exe
  C:\Windows\System\xDeefbT.exe
  2⤵
  PID:9404
- C:\Windows\System\miLNTRV.exe
  C:\Windows\System\miLNTRV.exe
  2⤵
  PID:9424
- C:\Windows\System\dRRjnhB.exe
  C:\Windows\System\dRRjnhB.exe
  2⤵
  PID:9452
- C:\Windows\System\LzZkHGC.exe
  C:\Windows\System\LzZkHGC.exe
  2⤵
  PID:9488
- C:\Windows\System\Meimxir.exe
  C:\Windows\System\Meimxir.exe
  2⤵
  PID:9524
- C:\Windows\System\CjpiEao.exe
  C:\Windows\System\CjpiEao.exe
  2⤵
  PID:9552
- C:\Windows\System\UfHrvpu.exe
  C:\Windows\System\UfHrvpu.exe
  2⤵
  PID:9580
- C:\Windows\System\EGCUAsg.exe
  C:\Windows\System\EGCUAsg.exe
  2⤵
  PID:9616
- C:\Windows\System\IVCoCus.exe
  C:\Windows\System\IVCoCus.exe
  2⤵
  PID:9652
- C:\Windows\System\MyjCMte.exe
  C:\Windows\System\MyjCMte.exe
  2⤵
  PID:9672
- C:\Windows\System\YWdIphr.exe
  C:\Windows\System\YWdIphr.exe
  2⤵
  PID:9708
- C:\Windows\System\KmmcxPW.exe
  C:\Windows\System\KmmcxPW.exe
  2⤵
  PID:9732
- C:\Windows\System\CZKPAoO.exe
  C:\Windows\System\CZKPAoO.exe
  2⤵
  PID:9752
- C:\Windows\System\fiSozam.exe
  C:\Windows\System\fiSozam.exe
  2⤵
  PID:9784
- C:\Windows\System\zzsNrNZ.exe
  C:\Windows\System\zzsNrNZ.exe
  2⤵
  PID:9816
- C:\Windows\System\WgYuOti.exe
  C:\Windows\System\WgYuOti.exe
  2⤵
  PID:9848
- C:\Windows\System\dhoYzVR.exe
  C:\Windows\System\dhoYzVR.exe
  2⤵
  PID:9880
- C:\Windows\System\ZvwCduO.exe
  C:\Windows\System\ZvwCduO.exe
  2⤵
  PID:9912
- C:\Windows\System\EMaHIIk.exe
  C:\Windows\System\EMaHIIk.exe
  2⤵
  PID:9944
- C:\Windows\System\iYBHBEl.exe
  C:\Windows\System\iYBHBEl.exe
  2⤵
  PID:9976
- C:\Windows\System\OrNcZDL.exe
  C:\Windows\System\OrNcZDL.exe
  2⤵
  PID:10008
- C:\Windows\System\mekyjxs.exe
  C:\Windows\System\mekyjxs.exe
  2⤵
  PID:10040
- C:\Windows\System\OfcDpaD.exe
  C:\Windows\System\OfcDpaD.exe
  2⤵
  PID:10064
- C:\Windows\System\AKnRpeS.exe
  C:\Windows\System\AKnRpeS.exe
  2⤵
  PID:10096
- C:\Windows\System\DPCCQbv.exe
  C:\Windows\System\DPCCQbv.exe
  2⤵
  PID:10124
- C:\Windows\System\LrUxaFG.exe
  C:\Windows\System\LrUxaFG.exe
  2⤵
  PID:10148
- C:\Windows\System\vlUXkxV.exe
  C:\Windows\System\vlUXkxV.exe
  2⤵
  PID:10180
- C:\Windows\System\JXvIJKb.exe
  C:\Windows\System\JXvIJKb.exe
  2⤵
  PID:10204
- C:\Windows\System\TUjDhfA.exe
  C:\Windows\System\TUjDhfA.exe
  2⤵
  PID:10232
- C:\Windows\System\oNpLwTA.exe
  C:\Windows\System\oNpLwTA.exe
  2⤵
  PID:8992
- C:\Windows\System\WRrrXdE.exe
  C:\Windows\System\WRrrXdE.exe
  2⤵
  PID:9240
- C:\Windows\System\xZfnvWX.exe
  C:\Windows\System\xZfnvWX.exe
  2⤵
  PID:8744
- C:\Windows\System\cTVuZbN.exe
  C:\Windows\System\cTVuZbN.exe
  2⤵
  PID:9412
- C:\Windows\System\PEhtZsM.exe
  C:\Windows\System\PEhtZsM.exe
  2⤵
  PID:9516
- C:\Windows\System\NVtDzFF.exe
  C:\Windows\System\NVtDzFF.exe
  2⤵
  PID:9592
- C:\Windows\System\hzJxpwU.exe
  C:\Windows\System\hzJxpwU.exe
  2⤵
  PID:9612
- C:\Windows\System\KSCfEIn.exe
  C:\Windows\System\KSCfEIn.exe
  2⤵
  PID:9692
- C:\Windows\System\ltIsMLn.exe
  C:\Windows\System\ltIsMLn.exe
  2⤵
  PID:9716
- C:\Windows\System\luVZcKo.exe
  C:\Windows\System\luVZcKo.exe
  2⤵
  PID:9832
- C:\Windows\System\xSgzFaC.exe
  C:\Windows\System\xSgzFaC.exe
  2⤵
  PID:9876
- C:\Windows\System\XOCWkAZ.exe
  C:\Windows\System\XOCWkAZ.exe
  2⤵
  PID:9904
- C:\Windows\System\rpHqfxS.exe
  C:\Windows\System\rpHqfxS.exe
  2⤵
  PID:9964
- C:\Windows\System\hpQIBOs.exe
  C:\Windows\System\hpQIBOs.exe
  2⤵
  PID:10060
- C:\Windows\System\veDBYPG.exe
  C:\Windows\System\veDBYPG.exe
  2⤵
  PID:10132
- C:\Windows\System\qaEYonX.exe
  C:\Windows\System\qaEYonX.exe
  2⤵
  PID:10176
- C:\Windows\System\BBbNANI.exe
  C:\Windows\System\BBbNANI.exe
  2⤵
  PID:9220
- C:\Windows\System\kANFbVW.exe
  C:\Windows\System\kANFbVW.exe
  2⤵
  PID:9352
- C:\Windows\System\rAPRaqR.exe
  C:\Windows\System\rAPRaqR.exe
  2⤵
  PID:9320
- C:\Windows\System\DTYYQPL.exe
  C:\Windows\System\DTYYQPL.exe
  2⤵
  PID:9604
- C:\Windows\System\oblsaHy.exe
  C:\Windows\System\oblsaHy.exe
  2⤵
  PID:9648
- C:\Windows\System\hMFVScS.exe
  C:\Windows\System\hMFVScS.exe
  2⤵
  PID:9812
- C:\Windows\System\MFwrNYJ.exe
  C:\Windows\System\MFwrNYJ.exe
  2⤵
  PID:9940
- C:\Windows\System\SOKIXpU.exe
  C:\Windows\System\SOKIXpU.exe
  2⤵
  PID:7452
- C:\Windows\System\jGjxKkN.exe
  C:\Windows\System\jGjxKkN.exe
  2⤵
  PID:10116
- C:\Windows\System\ZANUabT.exe
  C:\Windows\System\ZANUabT.exe
  2⤵
  PID:9292
- C:\Windows\System\LYjZpqB.exe
  C:\Windows\System\LYjZpqB.exe
  2⤵
  PID:10248
- C:\Windows\System\PymVAXC.exe
  C:\Windows\System\PymVAXC.exe
  2⤵
  PID:10280
- C:\Windows\System\pSWldiE.exe
  C:\Windows\System\pSWldiE.exe
  2⤵
  PID:10308
- C:\Windows\System\RDYHfJa.exe
  C:\Windows\System\RDYHfJa.exe
  2⤵
  PID:10332
- C:\Windows\System\GaiyVNp.exe
  C:\Windows\System\GaiyVNp.exe
  2⤵
  PID:10360
- C:\Windows\System\BOqEfkG.exe
  C:\Windows\System\BOqEfkG.exe
  2⤵
  PID:10380
- C:\Windows\System\SzgwKqv.exe
  C:\Windows\System\SzgwKqv.exe
  2⤵
  PID:10412
- C:\Windows\System\tmWyWNC.exe
  C:\Windows\System\tmWyWNC.exe
  2⤵
  PID:10444
- C:\Windows\System\ayqbPpd.exe
  C:\Windows\System\ayqbPpd.exe
  2⤵
  PID:10476
- C:\Windows\System\NvlBOKD.exe
  C:\Windows\System\NvlBOKD.exe
  2⤵
  PID:10500
- C:\Windows\System\JyJFjgW.exe
  C:\Windows\System\JyJFjgW.exe
  2⤵
  PID:10528
- C:\Windows\System\JyksMGb.exe
  C:\Windows\System\JyksMGb.exe
  2⤵
  PID:10556
- C:\Windows\System\vECLmkq.exe
  C:\Windows\System\vECLmkq.exe
  2⤵
  PID:10584
- C:\Windows\System\qsAxDNE.exe
  C:\Windows\System\qsAxDNE.exe
  2⤵
  PID:10616
- C:\Windows\System\spYLLuR.exe
  C:\Windows\System\spYLLuR.exe
  2⤵
  PID:10644
- C:\Windows\System\IwFNPro.exe
  C:\Windows\System\IwFNPro.exe
  2⤵
  PID:10668
- C:\Windows\System\RxdMnTR.exe
  C:\Windows\System\RxdMnTR.exe
  2⤵
  PID:10696
- C:\Windows\System\LlMPgVy.exe
  C:\Windows\System\LlMPgVy.exe
  2⤵
  PID:10728
- C:\Windows\System\pOtjPwT.exe
  C:\Windows\System\pOtjPwT.exe
  2⤵
  PID:10772
- C:\Windows\System\KTpFkLN.exe
  C:\Windows\System\KTpFkLN.exe
  2⤵
  PID:10788
- C:\Windows\System\AujKwoZ.exe
  C:\Windows\System\AujKwoZ.exe
  2⤵
  PID:10824
- C:\Windows\System\IoaIjMs.exe
  C:\Windows\System\IoaIjMs.exe
  2⤵
  PID:10844
- C:\Windows\System\piGkYRy.exe
  C:\Windows\System\piGkYRy.exe
  2⤵
  PID:10872
- C:\Windows\System\NeuUdRC.exe
  C:\Windows\System\NeuUdRC.exe
  2⤵
  PID:10896
- C:\Windows\System\uxJxySU.exe
  C:\Windows\System\uxJxySU.exe
  2⤵
  PID:10924
- C:\Windows\System\SXgFEGc.exe
  C:\Windows\System\SXgFEGc.exe
  2⤵
  PID:10948
- C:\Windows\System\fWIcJgI.exe
  C:\Windows\System\fWIcJgI.exe
  2⤵
  PID:10972
- C:\Windows\System\VDFVrfR.exe
  C:\Windows\System\VDFVrfR.exe
  2⤵
  PID:11004
- C:\Windows\System\xLSzqwr.exe
  C:\Windows\System\xLSzqwr.exe
  2⤵
  PID:11036
- C:\Windows\System\pWsfrcs.exe
  C:\Windows\System\pWsfrcs.exe
  2⤵
  PID:11060
- C:\Windows\System\Rbtjjso.exe
  C:\Windows\System\Rbtjjso.exe
  2⤵
  PID:11096
- C:\Windows\System\anvoTNL.exe
  C:\Windows\System\anvoTNL.exe
  2⤵
  PID:11116
- C:\Windows\System\LrtJFnQ.exe
  C:\Windows\System\LrtJFnQ.exe
  2⤵
  PID:11144
- C:\Windows\System\ppISIML.exe
  C:\Windows\System\ppISIML.exe
  2⤵
  PID:11172
- C:\Windows\System\LlpkCfs.exe
  C:\Windows\System\LlpkCfs.exe
  2⤵
  PID:11196
- C:\Windows\System\ieKjjDj.exe
  C:\Windows\System\ieKjjDj.exe
  2⤵
  PID:11224
- C:\Windows\System\NcaCuAH.exe
  C:\Windows\System\NcaCuAH.exe
  2⤵
  PID:10036
- C:\Windows\System\FfzQjst.exe
  C:\Windows\System\FfzQjst.exe
  2⤵
  PID:10104
- C:\Windows\System\VeLfCvt.exe
  C:\Windows\System\VeLfCvt.exe
  2⤵
  PID:10296
- C:\Windows\System\dhnadsY.exe
  C:\Windows\System\dhnadsY.exe
  2⤵
  PID:10328
- C:\Windows\System\HTlSOQp.exe
  C:\Windows\System\HTlSOQp.exe
  2⤵
  PID:10348
- C:\Windows\System\MeYGDlF.exe
  C:\Windows\System\MeYGDlF.exe
  2⤵
  PID:10428
- C:\Windows\System\EWKhcqF.exe
  C:\Windows\System\EWKhcqF.exe
  2⤵
  PID:10456
- C:\Windows\System\JQnpnVT.exe
  C:\Windows\System\JQnpnVT.exe
  2⤵
  PID:10524
- C:\Windows\System\BVMLGLn.exe
  C:\Windows\System\BVMLGLn.exe
  2⤵
  PID:10596
- C:\Windows\System\VzJNXpW.exe
  C:\Windows\System\VzJNXpW.exe
  2⤵
  PID:10652
- C:\Windows\System\rzgNppC.exe
  C:\Windows\System\rzgNppC.exe
  2⤵
  PID:10736
- C:\Windows\System\DECkbHy.exe
  C:\Windows\System\DECkbHy.exe
  2⤵
  PID:10832
- C:\Windows\System\QLmumDS.exe
  C:\Windows\System\QLmumDS.exe
  2⤵
  PID:10884
- C:\Windows\System\wXedYJR.exe
  C:\Windows\System\wXedYJR.exe
  2⤵
  PID:10944
- C:\Windows\System\osJBvVg.exe
  C:\Windows\System\osJBvVg.exe
  2⤵
  PID:11052
- C:\Windows\System\fzaNyuJ.exe
  C:\Windows\System\fzaNyuJ.exe
  2⤵
  PID:11132
- C:\Windows\System\ANuYHDB.exe
  C:\Windows\System\ANuYHDB.exe
  2⤵
  PID:11216
- C:\Windows\System\zyCxWPZ.exe
  C:\Windows\System\zyCxWPZ.exe
  2⤵
  PID:11244
- C:\Windows\System\GciqFgZ.exe
  C:\Windows\System\GciqFgZ.exe
  2⤵
  PID:10244
- C:\Windows\System\CPoOruR.exe
  C:\Windows\System\CPoOruR.exe
  2⤵
  PID:10516
- C:\Windows\System\vhJjGcM.exe
  C:\Windows\System\vhJjGcM.exe
  2⤵
  PID:10612
- C:\Windows\System\ghQaqUT.exe
  C:\Windows\System\ghQaqUT.exe
  2⤵
  PID:10864
- C:\Windows\System\wIbqVof.exe
  C:\Windows\System\wIbqVof.exe
  2⤵
  PID:11084
- C:\Windows\System\JVYNZLT.exe
  C:\Windows\System\JVYNZLT.exe
  2⤵
  PID:10264
- C:\Windows\System\ctuWcZC.exe
  C:\Windows\System\ctuWcZC.exe
  2⤵
  PID:10140
- C:\Windows\System\VVqVJHf.exe
  C:\Windows\System\VVqVJHf.exe
  2⤵
  PID:10812
- C:\Windows\System\XoiYIiF.exe
  C:\Windows\System\XoiYIiF.exe
  2⤵
  PID:11152
- C:\Windows\System\MmCiswL.exe
  C:\Windows\System\MmCiswL.exe
  2⤵
  PID:10908
- C:\Windows\System\MPoRUNr.exe
  C:\Windows\System\MPoRUNr.exe
  2⤵
  PID:11268
- C:\Windows\System\WsNUGWp.exe
  C:\Windows\System\WsNUGWp.exe
  2⤵
  PID:11292
- C:\Windows\System\VsQeahr.exe
  C:\Windows\System\VsQeahr.exe
  2⤵
  PID:11324
- C:\Windows\System\ZpTvcxP.exe
  C:\Windows\System\ZpTvcxP.exe
  2⤵
  PID:11356
- C:\Windows\System\ydUYSSx.exe
  C:\Windows\System\ydUYSSx.exe
  2⤵
  PID:11380
- C:\Windows\System\pGpdArO.exe
  C:\Windows\System\pGpdArO.exe
  2⤵
  PID:11408
- C:\Windows\System\OyOhUWy.exe
  C:\Windows\System\OyOhUWy.exe
  2⤵
  PID:11424
- C:\Windows\System\EGibVYQ.exe
  C:\Windows\System\EGibVYQ.exe
  2⤵
  PID:11456
- C:\Windows\System\HUVQfYo.exe
  C:\Windows\System\HUVQfYo.exe
  2⤵
  PID:11504
- C:\Windows\System\coUegIQ.exe
  C:\Windows\System\coUegIQ.exe
  2⤵
  PID:11520
- C:\Windows\System\cDUyESW.exe
  C:\Windows\System\cDUyESW.exe
  2⤵
  PID:11548
- C:\Windows\System\wMeIkSl.exe
  C:\Windows\System\wMeIkSl.exe
  2⤵
  PID:11576
- C:\Windows\System\UfWZVhn.exe
  C:\Windows\System\UfWZVhn.exe
  2⤵
  PID:11604
- C:\Windows\System\pRPhTmk.exe
  C:\Windows\System\pRPhTmk.exe
  2⤵
  PID:11636
- C:\Windows\System\woykDGS.exe
  C:\Windows\System\woykDGS.exe
  2⤵
  PID:11660
- C:\Windows\System\tYVopul.exe
  C:\Windows\System\tYVopul.exe
  2⤵
  PID:11680
- C:\Windows\System\WoqnQnl.exe
  C:\Windows\System\WoqnQnl.exe
  2⤵
  PID:11700
- C:\Windows\System\sDJQXIY.exe
  C:\Windows\System\sDJQXIY.exe
  2⤵
  PID:11732
- C:\Windows\System\SpccrYm.exe
  C:\Windows\System\SpccrYm.exe
  2⤵
  PID:11772
- C:\Windows\System\haoifAM.exe
  C:\Windows\System\haoifAM.exe
  2⤵
  PID:11808
- C:\Windows\System\YAaCoMA.exe
  C:\Windows\System\YAaCoMA.exe
  2⤵
  PID:11828
- C:\Windows\System\uqgCguB.exe
  C:\Windows\System\uqgCguB.exe
  2⤵
  PID:11856
- C:\Windows\System\pEAHCDc.exe
  C:\Windows\System\pEAHCDc.exe
  2⤵
  PID:11888
- C:\Windows\System\PACjuwW.exe
  C:\Windows\System\PACjuwW.exe
  2⤵
  PID:11912
- C:\Windows\System\rSztjRF.exe
  C:\Windows\System\rSztjRF.exe
  2⤵
  PID:11940
- C:\Windows\System\lfUEGnY.exe
  C:\Windows\System\lfUEGnY.exe
  2⤵
  PID:11972
- C:\Windows\System\kgOmDIh.exe
  C:\Windows\System\kgOmDIh.exe
  2⤵
  PID:12000
- C:\Windows\System\ozgTrHj.exe
  C:\Windows\System\ozgTrHj.exe
  2⤵
  PID:12024
- C:\Windows\System\afeerzC.exe
  C:\Windows\System\afeerzC.exe
  2⤵
  PID:12052
- C:\Windows\System\FINDuCI.exe
  C:\Windows\System\FINDuCI.exe
  2⤵
  PID:12080
- C:\Windows\System\PiZpesK.exe
  C:\Windows\System\PiZpesK.exe
  2⤵
  PID:12096
- C:\Windows\System\bLjnYNT.exe
  C:\Windows\System\bLjnYNT.exe
  2⤵
  PID:12124
- C:\Windows\System\WYkqexV.exe
  C:\Windows\System\WYkqexV.exe
  2⤵
  PID:12156
- C:\Windows\System\WsdNBxo.exe
  C:\Windows\System\WsdNBxo.exe
  2⤵
  PID:12192
- C:\Windows\System\nfrItbh.exe
  C:\Windows\System\nfrItbh.exe
  2⤵
  PID:12220
- C:\Windows\System\LcnaZcP.exe
  C:\Windows\System\LcnaZcP.exe
  2⤵
  PID:12240
- C:\Windows\System\cWEKmZo.exe
  C:\Windows\System\cWEKmZo.exe
  2⤵
  PID:12268
- C:\Windows\System\oNRxmml.exe
  C:\Windows\System\oNRxmml.exe
  2⤵
  PID:10992
- C:\Windows\System\zExJliM.exe
  C:\Windows\System\zExJliM.exe
  2⤵
  PID:11364
- C:\Windows\System\MJnpOQI.exe
  C:\Windows\System\MJnpOQI.exe
  2⤵
  PID:11404
- C:\Windows\System\cdtOmcu.exe
  C:\Windows\System\cdtOmcu.exe
  2⤵
  PID:11480
- C:\Windows\System\eCWttrP.exe
  C:\Windows\System\eCWttrP.exe
  2⤵
  PID:11560
- C:\Windows\System\dgIDALs.exe
  C:\Windows\System\dgIDALs.exe
  2⤵
  PID:11648
- C:\Windows\System\zhRWzJW.exe
  C:\Windows\System\zhRWzJW.exe
  2⤵
  PID:11728
- C:\Windows\System\fIGoLeG.exe
  C:\Windows\System\fIGoLeG.exe
  2⤵
  PID:11752
- C:\Windows\System\DZYLoLv.exe
  C:\Windows\System\DZYLoLv.exe
  2⤵
  PID:11800
- C:\Windows\System\gEoYbuq.exe
  C:\Windows\System\gEoYbuq.exe
  2⤵
  PID:11880
- C:\Windows\System\iigLYxO.exe
  C:\Windows\System\iigLYxO.exe
  2⤵
  PID:11952
- C:\Windows\System\wsdfSuK.exe
  C:\Windows\System\wsdfSuK.exe
  2⤵
  PID:11964
- C:\Windows\System\qSdyUaX.exe
  C:\Windows\System\qSdyUaX.exe
  2⤵
  PID:11988
- C:\Windows\System\yvtFFGx.exe
  C:\Windows\System\yvtFFGx.exe
  2⤵
  PID:10760
- C:\Windows\System\UHXYqBm.exe
  C:\Windows\System\UHXYqBm.exe
  2⤵
  PID:12140
- C:\Windows\System\nxBFyHl.exe
  C:\Windows\System\nxBFyHl.exe
  2⤵
  PID:12148
- C:\Windows\System\PiuQCrG.exe
  C:\Windows\System\PiuQCrG.exe
  2⤵
  PID:12204
- C:\Windows\System\FAsSGuL.exe
  C:\Windows\System\FAsSGuL.exe
  2⤵
  PID:12264
- C:\Windows\System\gmswJeS.exe
  C:\Windows\System\gmswJeS.exe
  2⤵
  PID:11492
- C:\Windows\System\sRMlAzf.exe
  C:\Windows\System\sRMlAzf.exe
  2⤵
  PID:11536
- C:\Windows\System\mbTXrpA.exe
  C:\Windows\System\mbTXrpA.exe
  2⤵
  PID:11676
- C:\Windows\System\XMskGnQ.exe
  C:\Windows\System\XMskGnQ.exe
  2⤵
  PID:11852
- C:\Windows\System\PIuvBqK.exe
  C:\Windows\System\PIuvBqK.exe
  2⤵
  PID:12040
- C:\Windows\System\COUcHGg.exe
  C:\Windows\System\COUcHGg.exe
  2⤵
  PID:12232
- C:\Windows\System\BHzkSyc.exe
  C:\Windows\System\BHzkSyc.exe
  2⤵
  PID:11372
- C:\Windows\System\lYTSarR.exe
  C:\Windows\System\lYTSarR.exe
  2⤵
  PID:11956
- C:\Windows\System\eIkUfnb.exe
  C:\Windows\System\eIkUfnb.exe
  2⤵
  PID:11804
- C:\Windows\System\exGnETk.exe
  C:\Windows\System\exGnETk.exe
  2⤵
  PID:11616
- C:\Windows\System\kNsRIdQ.exe
  C:\Windows\System\kNsRIdQ.exe
  2⤵
  PID:12292
- C:\Windows\System\RybQWKO.exe
  C:\Windows\System\RybQWKO.exe
  2⤵
  PID:12324
- C:\Windows\System\HMlBMsY.exe
  C:\Windows\System\HMlBMsY.exe
  2⤵
  PID:12356
- C:\Windows\System\YWiKurP.exe
  C:\Windows\System\YWiKurP.exe
  2⤵
  PID:12396
- C:\Windows\System\OSpvGJW.exe
  C:\Windows\System\OSpvGJW.exe
  2⤵
  PID:12416
- C:\Windows\System\UjftXVN.exe
  C:\Windows\System\UjftXVN.exe
  2⤵
  PID:12444
- C:\Windows\System\ndTRDlx.exe
  C:\Windows\System\ndTRDlx.exe
  2⤵
  PID:12476
- C:\Windows\System\VlxjhET.exe
  C:\Windows\System\VlxjhET.exe
  2⤵
  PID:12504
- C:\Windows\System\dQOzLSy.exe
  C:\Windows\System\dQOzLSy.exe
  2⤵
  PID:12532
- C:\Windows\System\YzoLsFe.exe
  C:\Windows\System\YzoLsFe.exe
  2⤵
  PID:12568
- C:\Windows\System\ZnTuxad.exe
  C:\Windows\System\ZnTuxad.exe
  2⤵
  PID:12600
- C:\Windows\System\DECxsWZ.exe
  C:\Windows\System\DECxsWZ.exe
  2⤵
  PID:12620
- C:\Windows\System\gusRNpP.exe
  C:\Windows\System\gusRNpP.exe
  2⤵
  PID:12644
- C:\Windows\System\dlrfftx.exe
  C:\Windows\System\dlrfftx.exe
  2⤵
  PID:12664
- C:\Windows\System\yvlEBYN.exe
  C:\Windows\System\yvlEBYN.exe
  2⤵
  PID:12696
- C:\Windows\System\kaUEnFZ.exe
  C:\Windows\System\kaUEnFZ.exe
  2⤵
  PID:12720
- C:\Windows\System\QfVpVfQ.exe
  C:\Windows\System\QfVpVfQ.exe
  2⤵
  PID:12752
- C:\Windows\System\rkIOiLQ.exe
  C:\Windows\System\rkIOiLQ.exe
  2⤵
  PID:12776
- C:\Windows\System\DDKhptU.exe
  C:\Windows\System\DDKhptU.exe
  2⤵
  PID:12812
- C:\Windows\System\uXcBvgd.exe
  C:\Windows\System\uXcBvgd.exe
  2⤵
  PID:12832
- C:\Windows\System\dneRseO.exe
  C:\Windows\System\dneRseO.exe
  2⤵
  PID:12864
- C:\Windows\System\zAywzVK.exe
  C:\Windows\System\zAywzVK.exe
  2⤵
  PID:12896
- C:\Windows\System\lfGrWYt.exe
  C:\Windows\System\lfGrWYt.exe
  2⤵
  PID:12924
- C:\Windows\System\LeDpadF.exe
  C:\Windows\System\LeDpadF.exe
  2⤵
  PID:12944
- C:\Windows\System\OxiarAJ.exe
  C:\Windows\System\OxiarAJ.exe
  2⤵
  PID:12976
- C:\Windows\System\eSIVHVt.exe
  C:\Windows\System\eSIVHVt.exe
  2⤵
  PID:13016
- C:\Windows\System\hharKNe.exe
  C:\Windows\System\hharKNe.exe
  2⤵
  PID:13044
- C:\Windows\System\JNdHwJf.exe
  C:\Windows\System\JNdHwJf.exe
  2⤵
  PID:13068
- C:\Windows\System\FySQkfD.exe
  C:\Windows\System\FySQkfD.exe
  2⤵
  PID:13084
- C:\Windows\System\OKIjKXh.exe
  C:\Windows\System\OKIjKXh.exe
  2⤵
  PID:13100
- C:\Windows\System\PuPuKqS.exe
  C:\Windows\System\PuPuKqS.exe
  2⤵
  PID:13128
- C:\Windows\System\uEUgGVO.exe
  C:\Windows\System\uEUgGVO.exe
  2⤵
  PID:13148
- C:\Windows\System\ZCFOJBS.exe
  C:\Windows\System\ZCFOJBS.exe
  2⤵
  PID:13168
- C:\Windows\System\nFzMFNR.exe
  C:\Windows\System\nFzMFNR.exe
  2⤵
  PID:13196
- C:\Windows\System\qQfYEpb.exe
  C:\Windows\System\qQfYEpb.exe
  2⤵
  PID:13224
- C:\Windows\System\JxOQfey.exe
  C:\Windows\System\JxOQfey.exe
  2⤵
  PID:13256
- C:\Windows\System\DSjbgDg.exe
  C:\Windows\System\DSjbgDg.exe
  2⤵
  PID:13292
- C:\Windows\System\sUBVDlQ.exe
  C:\Windows\System\sUBVDlQ.exe
  2⤵
  PID:12300
- C:\Windows\System\kUZeBFj.exe
  C:\Windows\System\kUZeBFj.exe
  2⤵
  PID:12388
- C:\Windows\System\OyFqFdW.exe
  C:\Windows\System\OyFqFdW.exe
  2⤵
  PID:12432
- C:\Windows\System\FIrjkpB.exe
  C:\Windows\System\FIrjkpB.exe
  2⤵
  PID:12500
- C:\Windows\System\DuigDlP.exe
  C:\Windows\System\DuigDlP.exe
  2⤵
  PID:12544
- C:\Windows\System\qXpqsxW.exe
  C:\Windows\System\qXpqsxW.exe
  2⤵
  PID:12616
- C:\Windows\System\YtzslYP.exe
  C:\Windows\System\YtzslYP.exe
  2⤵
  PID:12732
- C:\Windows\System\GCNpXGU.exe
  C:\Windows\System\GCNpXGU.exe
  2⤵
  PID:12688
- C:\Windows\System\ndTOtrH.exe
  C:\Windows\System\ndTOtrH.exe
  2⤵
  PID:12800
- C:\Windows\System\AgXXrxq.exe
  C:\Windows\System\AgXXrxq.exe
  2⤵
  PID:12932
- C:\Windows\System\XESzsqi.exe
  C:\Windows\System\XESzsqi.exe
  2⤵
  PID:12920
- C:\Windows\System\miDqVCB.exe
  C:\Windows\System\miDqVCB.exe
  2⤵
  PID:13000
- C:\Windows\System\biyFoxY.exe
  C:\Windows\System\biyFoxY.exe
  2⤵
  PID:13112
- C:\Windows\System\TkuzbkZ.exe
  C:\Windows\System\TkuzbkZ.exe
  2⤵
  PID:13056
- C:\Windows\System\xLLmGLP.exe
  C:\Windows\System\xLLmGLP.exe
  2⤵
  PID:13188
- C:\Windows\System\gKDfdKO.exe
  C:\Windows\System\gKDfdKO.exe
  2⤵
  PID:13280
- C:\Windows\System\zzusQYK.exe
  C:\Windows\System\zzusQYK.exe
  2⤵
  PID:13272
- C:\Windows\System\vAlSNvT.exe
  C:\Windows\System\vAlSNvT.exe
  2⤵
  PID:12376
- C:\Windows\System\VNIrRso.exe
  C:\Windows\System\VNIrRso.exe
  2⤵
  PID:12464
- C:\Windows\System\yMdadtV.exe
  C:\Windows\System\yMdadtV.exe
  2⤵
  PID:12684
- C:\Windows\System\zoNjyLb.exe
  C:\Windows\System\zoNjyLb.exe
  2⤵
  PID:12852
- C:\Windows\System\MhXZUxu.exe
  C:\Windows\System\MhXZUxu.exe
  2⤵
  PID:13096
- C:\Windows\System\OspdjGP.exe
  C:\Windows\System\OspdjGP.exe
  2⤵
  PID:13076
- C:\Windows\System\BFOrZnl.exe
  C:\Windows\System\BFOrZnl.exe
  2⤵
  PID:13236
- C:\Windows\System\BxwHQUL.exe
  C:\Windows\System\BxwHQUL.exe
  2⤵
  PID:12280
- C:\Windows\System\ppgjxrp.exe
  C:\Windows\System\ppgjxrp.exe
  2⤵
  PID:12988
- C:\Windows\System\zvQFflw.exe
  C:\Windows\System\zvQFflw.exe
  2⤵
  PID:4160
- C:\Windows\System\QLqCvTx.exe
  C:\Windows\System\QLqCvTx.exe
  2⤵
  PID:636
- C:\Windows\System\dTjKPko.exe
  C:\Windows\System\dTjKPko.exe
  2⤵
  PID:13332
- C:\Windows\System\nsrSFzk.exe
  C:\Windows\System\nsrSFzk.exe
  2⤵
  PID:13360
- C:\Windows\System\MoDCfMV.exe
  C:\Windows\System\MoDCfMV.exe
  2⤵
  PID:13400
- C:\Windows\System\qxaZrIg.exe
  C:\Windows\System\qxaZrIg.exe
  2⤵
  PID:13436
- C:\Windows\System\IyjDuTh.exe
  C:\Windows\System\IyjDuTh.exe
  2⤵
  PID:13456
- C:\Windows\System\XwtHDXm.exe
  C:\Windows\System\XwtHDXm.exe
  2⤵
  PID:13484
- C:\Windows\System\jeiFlvo.exe
  C:\Windows\System\jeiFlvo.exe
  2⤵
  PID:13504
- C:\Windows\System\YFnChkh.exe
  C:\Windows\System\YFnChkh.exe
  2⤵
  PID:13528
- C:\Windows\System\vHuyCiE.exe
  C:\Windows\System\vHuyCiE.exe
  2⤵
  PID:13556
- C:\Windows\System\vgPXZty.exe
  C:\Windows\System\vgPXZty.exe
  2⤵
  PID:13592
- C:\Windows\System\tuEQgKN.exe
  C:\Windows\System\tuEQgKN.exe
  2⤵
  PID:13616
- C:\Windows\System\jzdjOdm.exe
  C:\Windows\System\jzdjOdm.exe
  2⤵
  PID:13652
- C:\Windows\System\JgfgmMB.exe
  C:\Windows\System\JgfgmMB.exe
  2⤵
  PID:13684
- C:\Windows\System\uXrpfKg.exe
  C:\Windows\System\uXrpfKg.exe
  2⤵
  PID:13708
- C:\Windows\System\tYjxgwE.exe
  C:\Windows\System\tYjxgwE.exe
  2⤵
  PID:13740
- C:\Windows\System\tsRcfNl.exe
  C:\Windows\System\tsRcfNl.exe
  2⤵
  PID:13764
- C:\Windows\System\hCFdLGy.exe
  C:\Windows\System\hCFdLGy.exe
  2⤵
  PID:13788
- C:\Windows\System\TdXGkap.exe
  C:\Windows\System\TdXGkap.exe
  2⤵
  PID:13816
- C:\Windows\System\rYOPLUH.exe
  C:\Windows\System\rYOPLUH.exe
  2⤵
  PID:13848
- C:\Windows\System\cVFpRnR.exe
  C:\Windows\System\cVFpRnR.exe
  2⤵
  PID:13876
- C:\Windows\System\AJPbFee.exe
  C:\Windows\System\AJPbFee.exe
  2⤵
  PID:13904
- C:\Windows\System\YVYkDuk.exe
  C:\Windows\System\YVYkDuk.exe
  2⤵
  PID:13940
- C:\Windows\System\QKXCkSt.exe
  C:\Windows\System\QKXCkSt.exe
  2⤵
  PID:13976
- C:\Windows\System\uUknFpE.exe
  C:\Windows\System\uUknFpE.exe
  2⤵
  PID:14004
- C:\Windows\System\rYsIaQo.exe
  C:\Windows\System\rYsIaQo.exe
  2⤵
  PID:14036
- C:\Windows\System\IRPNyEC.exe
  C:\Windows\System\IRPNyEC.exe
  2⤵
  PID:14068
- C:\Windows\System\uQDOCIJ.exe
  C:\Windows\System\uQDOCIJ.exe
  2⤵
  PID:14096
- C:\Windows\System\tLBxwEl.exe
  C:\Windows\System\tLBxwEl.exe
  2⤵
  PID:14120
- C:\Windows\System\XoKDaeZ.exe
  C:\Windows\System\XoKDaeZ.exe
  2⤵
  PID:14148
- C:\Windows\System\oqpZfdc.exe
  C:\Windows\System\oqpZfdc.exe
  2⤵
  PID:14176
- C:\Windows\System\dPaybrB.exe
  C:\Windows\System\dPaybrB.exe
  2⤵
  PID:14204
- C:\Windows\System\FMtpupd.exe
  C:\Windows\System\FMtpupd.exe
  2⤵
  PID:14232
- C:\Windows\System\XOPsvQB.exe
  C:\Windows\System\XOPsvQB.exe
  2⤵
  PID:14260
- C:\Windows\System\PFWInuB.exe
  C:\Windows\System\PFWInuB.exe
  2⤵
  PID:14292
- C:\Windows\System\UjedbeJ.exe
  C:\Windows\System\UjedbeJ.exe
  2⤵
  PID:14328
- C:\Windows\System\tEHVUQO.exe
  C:\Windows\System\tEHVUQO.exe
  2⤵
  PID:3528

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AgkfxoT.exe

Filesize
1.6MB

MD5
97843e8f4d088fa1ec41f2eee2c78b6c

SHA1
9c22e6c0c02f78b32d78b1081527638f3f6c96ac

SHA256
0911ed80fe15638eefc39d6db1e8d94b7c12ae15d5de4272d1dc1453e4af3795

SHA512
381dd120fcdaf7b037aea778907857aceeed365f9c33428c06440db8cb04e5fd4e8a04a457d9acb67142aea55c635baee06f6705baac3c39da3e9f9c18f803e8

Download Submit
C:\Windows\System\AihOuYU.exe

Filesize
1.6MB

MD5
d00788afd93a0184c411fe7b5a45fa3b

SHA1
9f449fc9946377e95157566d0cdb36d725d66ca9

SHA256
387ff83080b4ee1e7a41184111bcecab01297c41816c91c19a07ef892ba5c3ad

SHA512
f0665ac563956738795c13e14eaf92470f0e0fcc9223cdbadce27b525e45259f53eeea3d4194e3c5e6c571feffe87b82fb28bf09e34564632e37e2e2ea72a693

Download Submit
C:\Windows\System\BAObTuO.exe

Filesize
1.6MB

MD5
657d33e98aec811d26f268b3f670be6b

SHA1
c569e0de658bc1e3968a22185d9cfa235210c01d

SHA256
4a604633437323399e8e705307c4004c73ea3a8c4cc3a6f32a9b12fe3a586c8a

SHA512
cb2ddad05268558f1253587fc41e157e661f7191c7c83674b3ef5ff8b45ab0ee99f1904089515c8ce3fd4bfb4a78c6571174ab62ebe3838e853c6b1dfbba0d99

Download Submit
C:\Windows\System\DCervDn.exe

Filesize
1.6MB

MD5
79e6098cd9ca9c5c67d3dde370949064

SHA1
fffab981e732db45ff63aada432ddb6f7d5403f6

SHA256
80bee3dd1611cd861c0fc73e4d9d7d18564f0c30f28810fe643f37d245931872

SHA512
593af81690fbc1ccbd3ed2c6af17ea607a3fe415da7a481b60ff73521038815420e1d49b15cd410aee5ea70990815f660286fae68a061a891c55b859acfcb519

Download Submit
C:\Windows\System\DhAADmb.exe

Filesize
1.6MB

MD5
014946c1beb07cb670de325ba4db790a

SHA1
9b2992509c80e060b8a376a992067fd79f38677e

SHA256
32406074d83a12c939e2592b3bb757ec1d15315b2ec2a88b26c54f2f533e6b47

SHA512
daacd0523ae60d3106acf7aebce62900748e57584d7b01597dd0cd8e3114c0fb79c4e56256f6b9df0f3fcd8777f065102499815888a52aa3a3162fc86ae49fae

Download Submit
C:\Windows\System\EIOnBFz.exe

Filesize
1.6MB

MD5
ca36a7413a81a07db1946636ea3ce76d

SHA1
ca0726db1283e474eeab1465abe148716cd25b25

SHA256
5bcd252e8213458e6718cc931aa42f5f68ffc14059dc464b9238f8b0b7c2b51f

SHA512
841e3b3ea5be034d0895db955dfa3b28c4c9b7c5e1620f1ecf5e478798a204496b1125cd67f1719c054cd3c3e377589f0ea03480ea8321df4d810ab4d7e62517

Download Submit
C:\Windows\System\EaaijNm.exe

Filesize
1.6MB

MD5
31a9583f53b6b6f0f91f163b6c2d57f8

SHA1
3bccda89c8127f65ce1b306e9706f6c8d198b113

SHA256
0205721d223d70224399263ec1a3f2e826a526aac1380a4f1cff5940817136ed

SHA512
550e0d94462396ea4d85383e18e665a69f9a9fa4e28441a7f2d105abfdace278ed8f9efa29c8dbfc9cf876f7a5f24d47622fbe4ab6f41a906d7802e34fac6f78

Download Submit
C:\Windows\System\FItrKYe.exe

Filesize
1.6MB

MD5
3d3a0399f61187bceefeceb9e128ee86

SHA1
00e8edff912c097aaba16213086da99f7c127114

SHA256
cc1563f73fbca06e4b18b0d09cc6baa2d856e4ffd1e3cc7ad4a617d50b41408a

SHA512
556ea2dc23ce744a153b64faa4db2d773476514fb0561d2c52592ea4ea44b43322993cc8045927fd7f56193b566a6d12b04382508433736d6cd32887b96e307e

Download Submit
C:\Windows\System\FVTtvIy.exe

Filesize
1.6MB

MD5
2bb43754044b0ce26db994b2e45a4ec0

SHA1
6cfb0ce00b12e16cd8539c46cb3b87c2d6c6b2e1

SHA256
686e4f0cbb3b3227c8f615f67a5a02510bd504b7b6efb8f538f9c313470a7d64

SHA512
4af55a7bd4757dc5e2df72f7131505254c652ff2dc67fdd6c2bac77ab7eecb214c9a1237c50b716a482705e747d891de5baa942ef0593d891dfb5d817a0926db

Download Submit
C:\Windows\System\KwjFmVb.exe

Filesize
1.6MB

MD5
e46d24254a923c9ee7153dc7d005d97d

SHA1
84c7b1a650f4e108f17a35f91db4ccb8c538064d

SHA256
0760c5eecd41e90d03c0bcdef60cee73a3d0e7355511603d63d461b732c9efc0

SHA512
1c1c0400df2f45b99d15532998b3270cd7ce9b7b3ae931e4ea3bc92291109dfe45f25f179d36b845b528fe962c1d6eff063f6da00f073b5300debd30ee9adef2

Download Submit
C:\Windows\System\LUyeySG.exe

Filesize
1.6MB

MD5
60e0d81bdb822ade94888cfd4d5e2d88

SHA1
d35587461fefd39778b4fb294ae47b743b0b7ad7

SHA256
056b3c55b7ce5e8575b36403dc285fb562c9a5ca2cc219d4e690286667d13e74

SHA512
6c88b85eaf964039161c866c7bf5ed4d496d4dc0f30025f198092a210097667a6332e28d96c15237e1f15aa03b60af7544c3dd222263019b21339578c379fc00

Download Submit
C:\Windows\System\NojkPjD.exe

Filesize
1.6MB

MD5
29e5931dfc80da5dbc6d54ad4ed0d1d1

SHA1
ffaa602724e29de66e98adbcba610abd4c0aa78f

SHA256
9601e3e6014d8abbfea8ab3716ccc9232d95fd501a35dc62edca9d9fe4b07b4e

SHA512
49574bdc3d03a094718ca1810523aa4c61d6610a2b185eb9ce6369b104d3a41b0fd0f02493cfab06066b9e939caa8dfd5afe2273ebee08d1927018613e4d8bb1

Download Submit
C:\Windows\System\OMBiiif.exe

Filesize
1.6MB

MD5
b80079bd1cc1d140ebba2fac02f456cc

SHA1
e022c8d157103bcbb2b03d21cbfbee60e2f22235

SHA256
93a10303744d16575fae14dea2983a4ab29eebe303edcf406f3511afad567aad

SHA512
ba068615bbde766cf74915ca599057775ea4a39f4b3135c82c1979e3d1010902d000cb595241281fa6ff58123362305cc5895b2995e304aa3cc1abcdc074d466

Download Submit
C:\Windows\System\QFzNtcY.exe

Filesize
1.6MB

MD5
95fdef4e53e815d9bcf2251d1255c1d9

SHA1
b0233a25727957f4c52c4d6c75fbfc63c91c2d53

SHA256
0a4bc498a18c04095ead4681835665fd1a5a2f1fc1efb37531138d8f83c9708a

SHA512
6967a808f08aa0e5acaf6aa48fb19867c9f0254d8192a24a74c0a9593692a88da0d4fc13e294f938df9a9bffa95969c666bb767f4ff805e8cd9a9c8b8e45b040

Download Submit
C:\Windows\System\RhwIjCD.exe

Filesize
1.6MB

MD5
1187b02459d561f3c9db050dbd319b2d

SHA1
ee098f41f31c91623ea9e341f5bbabee56962c73

SHA256
e37ef20bb1ffbdd96c710213824a3614689faedb9b3d035473813a46979e7d26

SHA512
b32f6d8ab6dafc91f4e6d9bf222197f4f911d2d5aad6e08915b3256b1a687192c117a6f16059305d359b96529bc86cbfc290ac8e3ef32b143a283ae1b134aecf

Download Submit
C:\Windows\System\SQpBkko.exe

Filesize
1.6MB

MD5
b00aec82d16d24303d01382409087455

SHA1
0a554c24d8afc34c82a833d6af45062f5af278f4

SHA256
b405eb8c7a3efd53c8730a20d90e3ee2c188e4a2d8dbd9b17c9e0ff919b47590

SHA512
0de51f119a085e08ea3899cdc80f40741c1ac5adf53fdd9560adc77866284c2f15020ddb710fa62217f8e7348d44fb33b2d28114d111ac10050117e9356632c1

Download Submit
C:\Windows\System\UKTnfXG.exe

Filesize
1.6MB

MD5
158e1522199558e265f5b271765a2f6e

SHA1
dcef40ee3de09512463cbf62300ee327cc20e635

SHA256
82f40579b47c9440bd6fc6b825a60e5315f200f96bc6c1894cabdb83f63b326e

SHA512
543f11ad6a6b1ebe1c363bc3991ae5e300fcaf3153242d642446a6211ee1f4036b6a4827e068127a9bb31235247fcff81b9c000644775235aa009e7e2b6a7759

Download Submit
C:\Windows\System\VgcGmyB.exe

Filesize
1.6MB

MD5
cfd145b5bcd08301b67da83ce477782a

SHA1
833da067114fa36633100fc39f2c1d853575b0da

SHA256
c90b2fe6493c92e690fab20ee999ccd31ee658f1b8106dcb269b74d15ff81a33

SHA512
ca81d89672d981f2b42426b714f861b59616acd0e5a000bf05e253a03110f1f9f4d54c3585a3cc97c69f2ebdd89c287c5b29a5f2766c22492d3f5d8b38e84b85

Download Submit
C:\Windows\System\VqDfmFA.exe

Filesize
1.6MB

MD5
c130219d9c963e6853331861650f5837

SHA1
5d4f336820dc05ef78f7128c949d7710ecd35c2a

SHA256
3d2ab5d0f889c3229e5827c19d575d2b859e7b0ecb7d3dcbbc7675bb948b9a1c

SHA512
3e6c138e4cafc63c733699712ae2a22c8225075b8d5d061111bd27712c062ef3db689a273736e7bb65518c091aee77faad9b96adb90c60fc6397a6894c9f2254

Download Submit
C:\Windows\System\WGFGRXd.exe

Filesize
1.6MB

MD5
93655214ac051f6de9484b2ab25bf825

SHA1
ab66143018e4bf7c714760f88606f4def9502475

SHA256
276d440b57db938e0efce1befb152a2a9a7b3a99e19bdc6fec5e779ad4db3a81

SHA512
6c12e293a511124972b5f25034b11c9fc74cb42d6e7557c773904f5130480c56b469bbe348b5d70dad3be5685fa7d09113e8d3b59770220ac1b0167e1d59d390

Download Submit
C:\Windows\System\ahfdUSp.exe

Filesize
1.6MB

MD5
9dc88896864dfe7a73cdd03d433fc8a1

SHA1
f29a529ef9cb9b115800eb1edf97bd748d301cb7

SHA256
a6838c6027c6800cc8de920e7bee86c09e1ff967d344dc7e09d2320b8a6715b7

SHA512
5ecad374c2f49fb0da4c7c64e52364f8e87c0487c96b8196eb659c3d58c3bf75caf9cd2280bd35ad9b7397fca656a05df33768e27e022278e68f5c05a86970bf

Download Submit
C:\Windows\System\bLbANtb.exe

Filesize
1.6MB

MD5
1a1f6362f9d80e0217ea6801d4b93aee

SHA1
514379d2067008253c19c4e4191d72e66a156864

SHA256
38a58edfdc387fe02d6d79dbb1ba9d206c4fa305896dd403cf08aa8e3b308b5c

SHA512
b74c6e0c0d394acff9a4a077960d90fab5c87f25f579149c5567329945fb940ab42101e5f48fd64f30e1c50d3f20934a61c9a6f02a82a94f14606e74df3e1c98

Download Submit
C:\Windows\System\dFepGgE.exe

Filesize
1.6MB

MD5
8b40cca0167eaf14d99125ba30111495

SHA1
77c518c189b4ebb9ec4448c0d6e8ed29fbe5181f

SHA256
c1263455c98a23e0010c2908efd69a4886ed81d98d4f0f4510ecc2dec44cee99

SHA512
7a910164f2c8a08280050878cdc0f9525c0ba7e1a71b1c43e8007045d9e2e474885fa645b61d86c23bda23c478b3513fe2a9f58d4adb4efbed9f6d2b833a1e94

Download Submit
C:\Windows\System\htQUQAQ.exe

Filesize
1.6MB

MD5
19bc5f5e9d0aa8fa221c01d7451f88b4

SHA1
6f47c96b29b96998d35adb8f70ce91ab4feb833f

SHA256
fbe6b540500084bf6be60a460c44051f313e622fcbeea79b7047fd6aadbb9985

SHA512
c785367bbb069214c770a27141a01acc847f00e4456eedf0d251d9f3909e13c28b681ff8a5ce306feae5137bdead5c03f2513d4a3ccd2cc700b5f927836a9a82

Download Submit
C:\Windows\System\jdbUfSp.exe

Filesize
1.6MB

MD5
cbad2bdc7efb27694675bef7981ab324

SHA1
b64ddeb93c47cf4e534f30e3b0ca9c2bc51fe82d

SHA256
7555c84b97e3c75f1431ebfbde2c5ddfda95ff5e1180c7e14906aba87b4df317

SHA512
a103ae19c093c58b58829c59211dcbcc8a281e6479f6d101a41277a872661526502672cc034cddde917d7ac49ca5c22cc395cd7f9ebff8dff4c5207551656176

Download Submit
C:\Windows\System\ljsPwRd.exe

Filesize
1.6MB

MD5
4ee028d5788e249f62db9d81a3cfb4d2

SHA1
0e2bbfdb9729e622846bd8a5f28ae723df6fa340

SHA256
5a21ae8c222d63be7012715edfc101d0b73daf5e2e1c37a8e68ea496e8d4b6d2

SHA512
db6c592562657acd05d10edd14af56b524b330f28a77751d3e3f30d9f4397710f2b8ff31e9e90a9e5e988fa6478c15a762b7bd4c95f4e67bca5bc81a78f098fa

Download Submit
C:\Windows\System\mPeLkZA.exe

Filesize
1.6MB

MD5
344441ba069494bf8c6b0cbd5ca9164a

SHA1
f2bbe348ba52d6ae2b86f04a6c47742777c479ce

SHA256
1b07678c3449b30777a0cc0de9e3412bfe6bae008ca36a3c2558909dbd105654

SHA512
328c91bfd70a29241dc98129812de393af5c1e044a1a11d959f8d5f81b66a8059aafed70adb0d92e165785f58f44a4175fd3f6d297b3b9507aebe71fdf1bb04e

Download Submit
C:\Windows\System\nidMwUQ.exe

Filesize
1.6MB

MD5
7c81f9500e886434776b2e8ced38eca1

SHA1
c5dbc85eaf45af3600d31e1495a91497b9518975

SHA256
1e6103c23f7c13fa596b8f9c320202d34e2942626818faf6f0d329226e7a9e89

SHA512
7467a9d81c333dae5d4ca443ad4de2b93a797ece74c9e6e730ccff23aee88e14bb5276d472933e4f3c3208a88a365855c171049bc4d3bbb247070938e6606e5e

Download Submit
C:\Windows\System\pQORKek.exe

Filesize
1.6MB

MD5
8f45eaf8018dcbb5f85b86f8a2b2ed48

SHA1
8fe96b90c2a51de56ccf4b36d18d52ab9419bea1

SHA256
e9f2e410eb93552c6ce81a33818610634898886906c71f2cff5742b0b9af1181

SHA512
f44f1a3fca4876230fd2b88094a08ce60540444ad61e11109cc180b6549ea08e8fd614aaa1083f288ff3c9693641679d3dc03c6be97018d30c7bdf93ea790f11

Download Submit
C:\Windows\System\qJPYsAF.exe

Filesize
1.6MB

MD5
c488e8c7c868dc8593ea18db14621e5b

SHA1
42becabc5d8a1284fd0557e655efea7de9569f8e

SHA256
1311a30589a67dca6407bb7d649926aeace9e7476bcb9daf9b801d9bb40a89e7

SHA512
8438f2d61d4817961e8b61dc8896c82b47b4730ff49db061a4c779f0d70ea4dc6e7638b84f7f2e90ad93434e4ec2d1bdeeccad23d593757ebfca29d430ea06cc

Download Submit
C:\Windows\System\rMXKQjg.exe

Filesize
1.6MB

MD5
568b0479a3aa8f7e4b8b0a5e996c7798

SHA1
c7b36d146a858109bedccff0060f07806b30329e

SHA256
08ce17c1d6d18aa06df865f6f9db50ed83df98bc49a06cfb027e3d85f7ee01b2

SHA512
f77b138860d47c70ef94b31614f26e42d2fd7f9b3b2f4cd28b1522ff4dd762a65892c8b899c8377eb2342daf3135016fb730631592e379f6b076f0fd5f26a994

Download Submit
C:\Windows\System\sMCXqaY.exe

Filesize
1.6MB

MD5
de073ce33d2697d2a91242bab0ab2bf1

SHA1
096214e475ec50173ab0c2be721f6027e1546ba6

SHA256
322742ed3f038fe7ef7352466481ab42a95a9a9bb6781ef210e63ee93b8f6e56

SHA512
c4a82a84697bef2effb08e79706cb81ab330a41216c741f4850499d278b3077faaae2a1e22414a81fea60df7f0752f2e3d52562b848568e02f99025877c18e30

Download Submit
C:\Windows\System\sakDagn.exe

Filesize
1.6MB

MD5
d601e647357094acbb741dc727d64bbe

SHA1
5e8754710fdd9fd12f8824d86eda0ec9defbe07f

SHA256
fee2a090dbf08e5a5e8dbf9c28adf6b70d6d0fdcc4143afdf1de5b44a2899b61

SHA512
fd242266eb4050f4e0b4a7b8c17551fd07f912740fa2a2bc000bfa96eb24ac7ac945684ae83d2607ff7a07da796d7c6166fb39df0adce278e406b5d1f3ffc3f8

Download Submit
C:\Windows\System\uleCteZ.exe

Filesize
1.6MB

MD5
14e129b0d6725f0b49f9fc00601b5722

SHA1
46cf27a2ef188e6eb6ddf76b63aafa8087a330fd

SHA256
807641f1db6624c98542e6e40cd40a941cef907bdace2833557a3d7bbe765f8f

SHA512
40fae2bc3dbb58ef362c6b9ee125f1d5265d4dab956fefaa5c08300ea23f3a4d81e6981f913144f6bce7257e947fa4a12e51fac56bff66fdf6a93c5a3b688c54

Download Submit
C:\Windows\System\ulwyzXx.exe

Filesize
1.6MB

MD5
51347f1446a4c649ddbe9c6f7afc1b1e

SHA1
431a9be0670381f6d29eeb4b3966f5bf28003cfc

SHA256
3f4a039ded95c80c37386ab26b60843882057e7515dabaf567889073482f7db9

SHA512
424403afe2a22e253f45e6f3095fee05761e0455837e238fa7c449aebc60dfe16e07ccaadd98b52aa1d29c70810c9ea132b6c484608a696ab7a99f9ca34d073a

Download Submit
C:\Windows\System\wAwEipj.exe

Filesize
1.6MB

MD5
9239c687907708129041d6e95923f405

SHA1
4863e1fceb34eb8273fc9de4cafc04034ef4cca9

SHA256
521e06e6c3561b1b9ac181948b1e4655e8355ccf7c71261ee5707f854225c79f

SHA512
e7b96b5908c024c6039d110bb0e88f9f5337782421a2457e902105531f4ecdf859a8891e7b6acc17e5379260d62d88f81bbc21d32f28517d76fb237ec6a9ccc3

Download Submit
C:\Windows\System\wtLVayy.exe

Filesize
1.6MB

MD5
b7a4509947c20ee1effb2b85b6c193ec

SHA1
dbb760256751c74bef22e1939498fbea4c33931c

SHA256
9628f75c5785aff51da0798dfb06009eb8d2fc77c13bba4043ceb45215ff3205

SHA512
7e2cc268c1a14e492c1396fb7ec09e555fc7d3e82a955ed73b45a2f21caee348c735a49193ad94219a400563e2d8c5d8e5b41a9f0b420b33819b93bbfa122e30

Download Submit
C:\Windows\System\xXoyVaS.exe

Filesize
1.6MB

MD5
0e3cbfa55d00cbef536fc2d18c02e8e8

SHA1
f4d8b7da8921a1321b39c7523f79629d64afe3a9

SHA256
994fe6615f7b5c124cc3d403f7344c3806fb8e40c342af8c08f9776d3e135c75

SHA512
8c835ed3021bb8d733cccc66e08680b94503ca50c1b18ea95c7122d9ed7348d628cc2bb6490e2ce1a88bb4679ecc719fed036545a1d703b9af05005d793f5102

Download Submit
C:\Windows\System\yIomMyn.exe

Filesize
1.6MB

MD5
93c61cb9ce1706764e668d7efee974eb

SHA1
7a6e12dcfe04a05def1f798b846b4daae178f709

SHA256
af2670813ce3bb0896fd79bf043a912882e8077887fabda4b419b5a42d007b5b

SHA512
4e4e9e369247f1ce8769f6b46ba22eb6e6ae2e3b933556751ad0525af05698e6dc80457c1b140837600ad88a9eb1ff88e609295302c8f7fa17424f1b98de574e

Download Submit
C:\Windows\System\yTeVZAo.exe

Filesize
1.6MB

MD5
76b82b327c717cfa0eb23587bcd78930

SHA1
0e70f649b717b068d7db78e9d52f5d36bbec7b2e

SHA256
213823e7414a5b40bec124fbaff399f8a4db7413f0b1f9e9a91efc1fe6ca2bcd

SHA512
9ea2ca7043e21b162689f97b3c1f69a26ad88af3433b11a9a3b2de2285b6077f74d13d2616307f885eabb42021220edc3b09e067fe88b4927ce7c20f51afc817

Download Submit
C:\Windows\System\yszOzeV.exe

Filesize
1.6MB

MD5
4d7d3c03113729cd331feed9026cb322

SHA1
1105f2ecde4e43eaf20cbd9c7a347f92d318a06e

SHA256
351cb122bea906c146dad3b7b93e06702f2c4a2f90520fd784b1107f52e95602

SHA512
a3cbc263e627a691c074b474e2e0a62a7704245f9f469427aece8b4ce936dafdade5181d92f99748de2257252a5211ce071fcad6bc01ca980373069833a415c5

Download Submit
memory/320-2153-0x00007FF69FB60000-0x00007FF69FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/320-238-0x00007FF69FB60000-0x00007FF69FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/460-2132-0x00007FF7F6D90000-0x00007FF7F70E4000-memory.dmp

Filesize
3.3MB

Download
memory/460-10-0x00007FF7F6D90000-0x00007FF7F70E4000-memory.dmp

Filesize
3.3MB

Download
memory/776-231-0x00007FF645E40000-0x00007FF646194000-memory.dmp

Filesize
3.3MB

Download
memory/776-2158-0x00007FF645E40000-0x00007FF646194000-memory.dmp

Filesize
3.3MB

Download
memory/888-2134-0x00007FF72D980000-0x00007FF72DCD4000-memory.dmp

Filesize
3.3MB

Download
memory/888-245-0x00007FF72D980000-0x00007FF72DCD4000-memory.dmp

Filesize
3.3MB

Download
memory/956-210-0x00007FF746EE0000-0x00007FF747234000-memory.dmp

Filesize
3.3MB

Download
memory/956-2147-0x00007FF746EE0000-0x00007FF747234000-memory.dmp

Filesize
3.3MB

Download
memory/1012-248-0x00007FF6BD3E0000-0x00007FF6BD734000-memory.dmp

Filesize
3.3MB

Download
memory/1012-2139-0x00007FF6BD3E0000-0x00007FF6BD734000-memory.dmp

Filesize
3.3MB

Download
memory/1188-175-0x00007FF64D5C0000-0x00007FF64D914000-memory.dmp

Filesize
3.3MB

Download
memory/1188-2148-0x00007FF64D5C0000-0x00007FF64D914000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2160-0x00007FF7F4310000-0x00007FF7F4664000-memory.dmp

Filesize
3.3MB

Download
memory/1192-230-0x00007FF7F4310000-0x00007FF7F4664000-memory.dmp

Filesize
3.3MB

Download
memory/1452-246-0x00007FF7C9EA0000-0x00007FF7CA1F4000-memory.dmp

Filesize
3.3MB

Download
memory/1452-2138-0x00007FF7C9EA0000-0x00007FF7CA1F4000-memory.dmp

Filesize
3.3MB

Download
memory/1572-96-0x00007FF704CB0000-0x00007FF705004000-memory.dmp

Filesize
3.3MB

Download
memory/1572-2129-0x00007FF704CB0000-0x00007FF705004000-memory.dmp

Filesize
3.3MB

Download
memory/1572-2142-0x00007FF704CB0000-0x00007FF705004000-memory.dmp

Filesize
3.3MB

Download
memory/1592-2151-0x00007FF736BF0000-0x00007FF736F44000-memory.dmp

Filesize
3.3MB

Download
memory/1592-243-0x00007FF736BF0000-0x00007FF736F44000-memory.dmp

Filesize
3.3MB

Download
memory/1796-2140-0x00007FF6A5720000-0x00007FF6A5A74000-memory.dmp

Filesize
3.3MB

Download
memory/1796-73-0x00007FF6A5720000-0x00007FF6A5A74000-memory.dmp

Filesize
3.3MB

Download
memory/1796-2128-0x00007FF6A5720000-0x00007FF6A5A74000-memory.dmp

Filesize
3.3MB

Download
memory/2012-247-0x00007FF6E0610000-0x00007FF6E0964000-memory.dmp

Filesize
3.3MB

Download
memory/2012-2137-0x00007FF6E0610000-0x00007FF6E0964000-memory.dmp

Filesize
3.3MB

Download
memory/2060-250-0x00007FF7FF580000-0x00007FF7FF8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-2159-0x00007FF7FF580000-0x00007FF7FF8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-242-0x00007FF7A0D50000-0x00007FF7A10A4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2152-0x00007FF7A0D50000-0x00007FF7A10A4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2156-0x00007FF64A1D0000-0x00007FF64A524000-memory.dmp

Filesize
3.3MB

Download
memory/2672-229-0x00007FF64A1D0000-0x00007FF64A524000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2133-0x00007FF66E3D0000-0x00007FF66E724000-memory.dmp

Filesize
3.3MB

Download
memory/2728-29-0x00007FF66E3D0000-0x00007FF66E724000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2143-0x00007FF751640000-0x00007FF751994000-memory.dmp

Filesize
3.3MB

Download
memory/2968-123-0x00007FF751640000-0x00007FF751994000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2130-0x00007FF758520000-0x00007FF758874000-memory.dmp

Filesize
3.3MB

Download
memory/3176-77-0x00007FF758520000-0x00007FF758874000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2144-0x00007FF758520000-0x00007FF758874000-memory.dmp

Filesize
3.3MB

Download
memory/3228-2149-0x00007FF7F73F0000-0x00007FF7F7744000-memory.dmp

Filesize
3.3MB

Download
memory/3228-191-0x00007FF7F73F0000-0x00007FF7F7744000-memory.dmp

Filesize
3.3MB

Download
memory/3784-2146-0x00007FF642880000-0x00007FF642BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3784-216-0x00007FF642880000-0x00007FF642BD4000-memory.dmp

Filesize
3.3MB

Download
memory/3808-2135-0x00007FF7763A0000-0x00007FF7766F4000-memory.dmp

Filesize
3.3MB

Download
memory/3808-37-0x00007FF7763A0000-0x00007FF7766F4000-memory.dmp

Filesize
3.3MB

Download
memory/3808-2126-0x00007FF7763A0000-0x00007FF7766F4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-0-0x00007FF67E780000-0x00007FF67EAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-2125-0x00007FF67E780000-0x00007FF67EAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-1-0x00000176C4FE0000-0x00000176C4FF0000-memory.dmp

Filesize
64KB

Download
memory/4016-2154-0x00007FF7BB2A0000-0x00007FF7BB5F4000-memory.dmp

Filesize
3.3MB

Download
memory/4016-237-0x00007FF7BB2A0000-0x00007FF7BB5F4000-memory.dmp

Filesize
3.3MB

Download
memory/4052-2127-0x00007FF630DE0000-0x00007FF631134000-memory.dmp

Filesize
3.3MB

Download
memory/4052-49-0x00007FF630DE0000-0x00007FF631134000-memory.dmp

Filesize
3.3MB

Download
memory/4052-2136-0x00007FF630DE0000-0x00007FF631134000-memory.dmp

Filesize
3.3MB

Download
memory/4332-2157-0x00007FF61DD90000-0x00007FF61E0E4000-memory.dmp

Filesize
3.3MB

Download
memory/4332-176-0x00007FF61DD90000-0x00007FF61E0E4000-memory.dmp

Filesize
3.3MB

Download
memory/4332-2131-0x00007FF61DD90000-0x00007FF61E0E4000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2155-0x00007FF7F1100000-0x00007FF7F1454000-memory.dmp

Filesize
3.3MB

Download
memory/4528-251-0x00007FF7F1100000-0x00007FF7F1454000-memory.dmp

Filesize
3.3MB

Download
memory/4584-2145-0x00007FF6A41B0000-0x00007FF6A4504000-memory.dmp

Filesize
3.3MB

Download
memory/4584-249-0x00007FF6A41B0000-0x00007FF6A4504000-memory.dmp

Filesize
3.3MB

Download
memory/4912-2141-0x00007FF6C18E0000-0x00007FF6C1C34000-memory.dmp

Filesize
3.3MB

Download
memory/4912-174-0x00007FF6C18E0000-0x00007FF6C1C34000-memory.dmp

Filesize
3.3MB

Download
memory/5080-244-0x00007FF614B90000-0x00007FF614EE4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-2150-0x00007FF614B90000-0x00007FF614EE4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads